WordPress Plugin Vulnerabilities

Photo Gallery by 10Web <= 1.5.24 - Authenticated LFI

Description

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin was affected by an Authenticated LFI security vulnerability.

Affects Plugins

Plugin icon
photo-gallery
Fixed in 1.5.25

References

CVE
CVE-2019-14798
URL
https://plugins.trac.wordpress.org/changeset?reponame=&new=2088371%40photo-gallery&old=2087556%40photo-gallery

Classification

Type
LFI
OWASP top 10
A1: Injection
CWE
CWE-22
CVSS
4.9 (medium)

Miscellaneous

Verified
No
WPVDB ID
bb01dd50-72fe-4e43-9d79-122937a9b39c

Timeline

Publicly Published
2019-05-15 (about 6 years ago)
Added
2019-06-19 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2023-10-19
Title
Ultimate Addons for WPBakery Page Builder < 3.19.15 - Authenticated(Contributor+) Local File Inclusion
Published
2024-05-21
Title
WPZOOM Addons for Elementor (Templates, Widgets) < 1.1.38 - Unauthenticated Local File Inclusion
Published
2017-06-22
Title
WP Rocket <= 2.10.3 - Local File Inclusion (LFI)
Published
2026-02-25
Title
Squeeze < 1.7.8 - Authenticated (Subscriber+) Directory Traversal
Published
2024-04-18
Title
tagDiv Composer < 4.9 - Authenticated (Contributor+) Local File Inclusion via Shortcode