cleantalk
Vulnerabilities and Security Researches

Photo Gallery by 10Web – Mobile-Friendly Image Gallery, CVE-2026-1036

CVE, Research URL

CVE-2026-1036

Home page URL

Security reports for Photo Gallery by 10Web – Mobile-Friendly Image Gallery

Application

Photo Gallery by 10Web – Mobile-Friendly Image Gallery

Published on
Jan 22, 2026
Research Description
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_comment() function in all versions up to, and including, 1.8.36. This makes it possible for unauthenticated attackers to delete arbitrary image comments. Note: comments functionality is only available in the Pro version of the plugin.
Affected versions
max 1.8.37.
Status
vulnerable
Previous vulnerability researches
Doofinder WP & WooCommerce Search (CVE-2023-40602) , Jun 07, 2024
Doofinder WP & WooCommerce Search (CVE-2023-49185) , Jun 07, 2024
Doofinder WP & WooCommerce Search (CVE-2023-51678) , Jun 07, 2024
Doofinder WP & WooCommerce Search (CVE-2024-25596) , Jun 07, 2024
Doofinder WP & WooCommerce Search (CVE-2026-39542) , Apr 14, 2026
New vulnerability
All-in-One Video Gallery (CVE-2026-1706) , Apr 15, 2026
Simple Membership (CVE-2026-34886) , Apr 15, 2026
Simple Membership (CVE-2026-1461) , Apr 15, 2026
WP-DownloadManager (CVE-2026-2426) , Apr 15, 2026
WP-DownloadManager (CVE-2026-2419) , Apr 15, 2026