cleantalk
Vulnerabilities and Security Researches

Photo Gallery by 10Web – Mobile-Friendly Image Gallery, CVE-2026-1036

CVE, Research URL

CVE-2026-1036

Home page URL

Security reports for Photo Gallery by 10Web – Mobile-Friendly Image Gallery

Application

Photo Gallery by 10Web – Mobile-Friendly Image Gallery

Published on
Jan 22, 2026
Research Description
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_comment() function in all versions up to, and including, 1.8.36. This makes it possible for unauthenticated attackers to delete arbitrary image comments. Note: comments functionality is only available in the Pro version of the plugin.
Affected versions
max 1.8.37.
Status
vulnerable
Previous vulnerability researches
Brid Video Easy Publish (CVE-2025-5237) , Jun 18, 2025
Brid Video Easy Publish (CVE-2025-32688) , Apr 29, 2025
Brid Video Easy Publish (CVE-2025-8072) , Apr 14, 2026
Brid Video Easy Publish (CVE-2024-13561) , Jan 31, 2025
Brid Video Easy Publish (CVE-2024-12076) , Jan 26, 2025
New vulnerability
Custom Blocks Constructor – Lazy Blocks (CVE-2026-1560) , Apr 15, 2026
Happy Addons for Elementor (CVE-2026-2917) , Apr 15, 2026
Happy Addons for Elementor (CVE-2026-1210) , Apr 15, 2026
Happy Addons for Elementor (CVE-2026-2918) , Apr 15, 2026
All-in-One Video Gallery (CVE-2026-1706) , Apr 15, 2026