Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-0613

The Photo Gallery by 10Web WordPress plugin before 1.8.34 does not sanitised and escaped comment added on images by unauthenticated users, leading to an Unauthenticated Stored-XSS attack when comments are displayed

Published

2025-03-31T06:15:29.463

Last Modified

2025-05-13T13:29:46.120

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.1 (MEDIUM)

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	10web	photo_gallery	< 1.8.34	Yes

References

https://wpscan.com/vulnerability/22be2b44-cd42-4b02-8448-59dd2989dde1/ Exploit, Third Party Advisory ([email protected])