Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

WordPress Photo Gallery by 10Web Authenticated SQL Injection via order_by (CVE-2026-7048)

www.wordfence.com 2026-05-29English translation pending; showing Chinese查看中文 →
Security AdvisoryCVE-2026-7048Medium10Web
Affected:
  • Photo Gallery by 10Web <= 1.8.40
Fixed in:
  • 1.8.41
Referenced CVEs: CVE-2026-7048 · 6.5
文章内图片已隐藏以节省流量 · Upgrade to Pro to view images & offline archive
This content was auto-fetched from www.wordfence.com, cleaned by our LLM pipeline, and translated to English. View original.
More from this source
Equalize Digital Accessibility Checker <=1.42.0 Missing Authorization Vulnerability (CVE-2026-9015) 2026-05-30 Frontend Admin <= 3.28.28 Authenticated SQL Injection in 'order' Parameter (CVE-2026-10039) 2026-05-30 CVE-2025-9189: Unauthenticated Payment Bypass in Contact Form 7 PayPal & Stripe Add-on 2026-05-29 CVE-2025-14481 Yoast SEO IDOR Sensitive Information Exposure 2026-05-29 CVE-2026-6275: WordPress StatCounter <= 2.1.1 Authenticated Stored XSS 2026-05-29
Offline Archive

Offline screenshot & PDF are Pro-exclusive

Upgrade to Pro