WordPress Photo Gallery by 10Web plugin

7.6 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 10Web Photo Gallery by 10Web allows Blind SQL Injection.

This issue affects Photo Gallery by 10Web: from n/a through 1.8.41.

Basic Information

ID CVE-2026-49771

Source Patchstack

Published Jun 4, 2026 at 09:49

Affected Product

Vendor 10Web

Product Photo Gallery by 10Web

Version n/a

Affected Versions 10Web Photo Gallery by 10Web n/a

CWE Classification

CWE-89

References

patchstack.com /database/wordpress/plugin/photo-gallery/vulnerability/wordpress-photo-gallery-by-10web-plugin-1-8-41-sql-injection-vulnerability

{
    "lastseen": "",
    "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 10Web Photo Gallery by 10Web allows Blind SQL Injection.\n\nThis issue affects Photo Gallery by 10Web: from n/a through 1.8.41.",
    "published": "2026-06-04T09:49:49.368Z",
    "modified": "2026-06-04T09:49:49.368Z",
    "type": "cve",
    "title": "WordPress Photo Gallery by 10Web plugin <= 1.8.41 - SQL Injection vulnerability",
    "source": "Patchstack",
    "references": "https://patchstack.com/database/wordpress/plugin/photo-gallery/vulnerability/wordpress-photo-gallery-by-10web-plugin-1-8-41-sql-injection-vulnerability?_s_id=cve",
    "id": "CVE-2026-49771",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "10Web Photo Gallery by 10Web n/a",
    "sourceHref": "",
    "cvss": {
        "score": 7.6,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Photo Gallery by 10Web",
    "version": "n/a",
    "vendor": "10Web",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

WordPress Photo Gallery by 10Web plugin <= 1.8.41 - SQL Injection vulnerability_CVE-2026-49771