Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Photo Gallery by 10Web – Mobile-Friendly Image Gallery — Vulnerabilities & Security Advisories 17

All 17 CVE vulnerabilities found in Photo Gallery by 10Web – Mobile-Friendly Image Gallery, with AI-generated Chinese analysis, references, and POCs.

Vendor: Photo Gallery Team

CVE IDTitleCVSSSeverityPublished
CVE-2026-1036 Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.36 - Missing Authorization to Unauthenticated Arbitrary Comment Deletion CWE-862 5.3 Medium2026-01-21
CVE-2025-2269 Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.34 Reflected Cross-Site Scripting via 'image_id' Parameter CWE-79 6.1 Medium2025-04-11
CVE-2024-9878 Photo Gallery by 10Web <= 1.8.30 - Authenticated (Administrator+) Stored Cross-Site Scripting CWE-79 4.4 Medium2024-11-05
CVE-2024-5481 Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.23 - Authenticated (Contributor+) Path Traversal via esc_dir Function CWE-35 6.8 Medium2024-06-07
CVE-2024-5426 Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via Zipped SVG CWE-79 6.4 Medium2024-06-07
CVE-2024-2296 Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.21 - Authenticated (Admin+) Stored Cross-Site Scripting via SVG CWE-79 5.5 Medium2024-04-06
CVE-2024-0221 Photo Gallery by 10Web - Mobile-Friendly Image Gallery <= 1.8.19 - Directory Traversal to Arbitrary File Rename CWE-22 9.1 Critical2024-02-05
CVE-2023-6924 Photo Gallery by 10Web <= 1.8.18 - Authenticated (Administrator+) Stored Cross-Site Scripting via Widget CWE-79 4.4 Medium2024-01-11
CVE-2022-1394 Photo Gallery < 1.6.4 - Admin+ Stored Cross-Site Scripting CWE-79 4.8 -2022-06-06
CVE-2022-1282 Photo Gallery < 1.6.3 - Reflected Cross-Site Scripting CWE-79 6.1 -2022-05-02
CVE-2022-1281 Photo Gallery < 1.6.3 - Unauthenticated SQL Injection CWE-89 9.8 -2022-05-02
CVE-2022-0169 Photo Gallery by 10Web < 1.6.0 - Unauthenticated SQL Injection CWE-89 9.8 -2022-03-14
CVE-2021-25041 Photo Gallery by 10Web < 1.5.68 - Reflected Cross-Site Scripting (XSS) CWE-79 6.1 -2021-12-06
CVE-2021-24363 Photo Gallery < 1.5.75 - File Upload Path Traversal CWE-22 4.9 -2021-08-16
CVE-2021-24362 Photo Gallery < 1.5.75 - Stored Cross-Site Scripting via Uploaded SVG CWE-79 6.1 -2021-08-16
CVE-2021-24310 Photo Gallery < 1.5.67 - Authenticated Stored Cross-Site Scripting via Gallery Title CWE-79 4.8 -2021-06-01
CVE-2021-24291 Photo Gallery < 1.5.69 - Multiple Reflected Cross-Site Scripting (XSS) CWE-79 6.1 -2021-05-14

All 17 known CVE vulnerabilities affecting Photo Gallery by 10Web – Mobile-Friendly Image Gallery with full Chinese analysis, references, and POCs where available.