WordPress Plugin Vulnerabilities

Photo-Gallery <= 1.2.41 - UploadHandler.php File Upload CSRF

Description

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin was affected by an UploadHandler.php File Upload CSRF security vulnerability.

Affects Plugins

Plugin icon
photo-gallery
Fixed in 1.2.42

References

CVE
CVE-2015-9380
URL
https://packetstormsecurity.com/files/#126521/

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
8.8 (high)

Miscellaneous

Verified
No
WPVDB ID
c78396fc-aeab-47a9-b7f5-a83f7931a9c5

Timeline

Publicly Published
2014-05-07 (about 12 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-04-01
Title
DN Footer Contacts <= 1.8 - Cross-Site Request Forgery
Published
2023-12-27
Title
Duplicator < 1.5.7.1 - Settings Removal via CSRF
Published
2024-08-28
Title
Podlove Podcast Publisher < 4.1.14 - Cross-Site Request Forgery to Remote Code Execution
Published
2022-05-31
Title
MailPress <= 7.2.1 - Arbitrary Settings Update & Log Files Purge via CSRF
Published
2025-09-22
Title
SV Proven Expert <= 2.0.06 - Cross-Site Request Forgery