WordPress Plugin Vulnerabilities

Photo Gallery 1.1.30 - Cross Site Scripting

Description

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin was affected by a Cross Site Scripting security vulnerability.

Affects Plugins

Plugin icon
photo-gallery
Fixed in 1.1.31

References

CVE
CVE-2014-6315
URL
https://packetstormsecurity.com/files/#128518/
URL
https://www.immuniweb.com/advisory/HTB23232

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter
pvdl
Verified
No
WPVDB ID
9285f0b4-1e9f-49d6-a831-4b9f0f0c40a2

Timeline

Publicly Published
2014-10-01 (about 11 years ago)
Added
2015-02-01 (about 11 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2024-11-04
Title
Wp Slide Categorywise <= 1.1 - Reflected Cross-Site Scripting
Published
2025-08-04
Title
Campus Directory < 1.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via noaccess_msg Parameter
Published
2025-08-15
Title
Advanced iFrame < 2025.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2014-08-01
Title
JS External Link Info 1.21 - redirect.php blog Parameter XSS
Published
2023-10-12
Title
Simple Tweet <= 1.4.0.2 - Admin+ Stored XSS