First published: Sun Sep 08 2019(Updated: )
Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/models/Galleries.php.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
10web Photo Gallery | <1.5.35 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this cross-site scripting vulnerability is CVE-2019-16117.
The affected software for this vulnerability is the 10Web Photo Gallery plugin before version 1.5.35 for WordPress.
The severity of CVE-2019-16117 is medium with a CVSS score of 6.1.
The cross-site scripting vulnerability in the 10Web Photo Gallery plugin occurs via the 'admin/models/Galleries.php' file.
Yes, there are references related to this vulnerability. You can find them [here](http://packetstormsecurity.com/files/154433/WordPress-Photo-Gallery-1.5.34-Cross-Site-Scripting.html), [here](https://plugins.trac.wordpress.org/changeset/2150912/photo-gallery/trunk/admin/models/Galleries.php?old=2135029&old_path=photo-gallery%2Ftrunk%2Fadmin%2Fmodels%2FGalleries.php), and [here](https://wordpress.org/plugins/photo-gallery/#developers).