Photo gallery
This hub aggregates every CVE we track for Photo gallery, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.
39
CVEs tracked
7
Critical
7
High
0
In CISA KEV
Severity distribution
MEDIUM25HIGH7CRITICAL7
Monthly trend
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-082026-07
Latest CVEs
The 15 most recently published vulnerabilities affecting Photo gallery.
- CVE-2025-47677WordPress Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery plugin <= 2.7.7.25 - Cross Site Scripting (XSS) Vulnerability6.5
- CVE-2024-35628WordPress Photo Gallery by 10Web plugin <= 1.8.25 - Broken Access Control vulnerability4.3
- CVE-2024-33586WordPress Photo Gallery by 10Web plugin <= 1.8.20 - Broken Access Control vulnerability5.3
- CVE-2021-46889The 10Web Photo Gallery plugin through 1.5.69 for WordPress allows XSS via theme_id for bwg_frontend_data. NOTE: other parameters are covered by CVE-2021-24291, CVE-2021-25041, and CVE-2021-31693.6.1
- CVE-2023-1427Photo Gallery by 10Web < 1.8.15 - Admin+ Path Traversal4.9
- CVE-2021-31693The 10Web Photo Gallery plugin through 1.5.68 for WordPress allows XSS via album_gallery_id_0, bwg_album_search_0, and type_0 for bwg_frontend_data. NOTE: other parameters are covered by CVE-2021-2...6.1
- CVE-2021-36891WordPress Photo Gallery by Supsystic plugin <= 1.15.5 - Cross-Site Request Forgery (CSRF) leading to Plugin Settings Change5.4
- CVE-2022-1394Photo Gallery < 1.6.4 - Admin+ Stored Cross-Site Scripting4.8
- CVE-2022-1282Photo Gallery < 1.6.3 - Reflected Cross-Site Scripting6.1
- CVE-2022-1281Photo Gallery < 1.6.3 - Unauthenticated SQL Injection9.8
- CVE-2022-0169Photo Gallery by 10Web < 1.6.0 - Unauthenticated SQL Injection9.8
- BDU:2022-00848Уязвимость плагина Photo Gallery системы управления содержимым сайта WordPress, позволяющая нарушителю осуществлять межсайтовые сценарные атаки9.6
- CVE-2021-25041Photo Gallery by 10Web < 1.5.68 - Reflected Cross-Site Scripting (XSS)6.1
- CVE-2021-24363Photo Gallery < 1.5.75 - File Upload Path Traversal4.9
- CVE-2021-24362Photo Gallery < 1.5.75 - Stored Cross-Site Scripting via Uploaded SVG6.1
Product normalization is registry-driven with AI assist and human review. How it works