cleantalk
Vulnerabilities and Security Researches

Photo Gallery by 10Web – Mobile-Friendly Image Gallery, CVE-2024-29810

CVE, Research URL

CVE-2024-29810

Home page URL

Security reports for Photo Gallery by 10Web – Mobile-Friendly Image Gallery

Application

Photo Gallery by 10Web – Mobile-Friendly Image Gallery

Published on
Mar 26, 2024
Research Description
The thumb_url parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the thumb_url parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. The attacker must target a an authenticated user with permissions to access this component to exploit this issue.
Affected versions
Min -, max 1.8.22.
Status
vulnerable
Previous vulnerability researches
Social Photo Gallery (CVE-2019-14467) , Jun 06, 2024
Photo Gallery ( Responsive ) (CVE-2025-27276) , Feb 26, 2025
Image Gallery – Responsive Photo Gallery (CVE-2025-24697) , Feb 05, 2025
Image Gallery – Responsive Photo Gallery (CVE-2024-12403) , Jan 16, 2025
ZooEffect Plugin for Video player, Photo Gallery Slideshow jQuery and audio / music / podcast – HTML5 (CVE-2023-1427) , Jun 06, 2024
New vulnerability
Email Notifications for Updates (CVE-2025-26741) , Apr 17, 2025
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor (CVE-2025-2314) , Apr 17, 2025
hockeydata LOS (CVE-2025-26889) , Apr 17, 2025
Rental and Booking Manager for Bike, Car, Dress, Resort with WooCommerce Integration – WpRently | WordPress plugin (CVE-2025-27011) , Apr 17, 2025
Paid Videochat Turnkey Site – HTML5 PPV Live Webcams (CVE-2025-31380) , Apr 17, 2025