CVE-2025-0613: Photo Gallery < 1.8.34 - Unauthenticated Stored XSS

Description

The Photo Gallery by 10Web WordPress plugin before 1.8.34 does not sanitise and escape comments added on images by unauthenticated users, leading to an unauthenticated stored XSS attack when the comments are displayed.

Classification

CVE ID: CVE-2025-0613

Problem Types

CWE-79 Cross-Site Scripting (XSS)

Affected Products

Vendor: Unknown

Product: Photo Gallery by 10Web

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.06% (probability of being exploited)

EPSS Percentile: 18.36% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-04-18 (when this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-0613
https://wpscan.com/vulnerability/22be2b44-cd42-4b02-8448-59dd2989dde1/

Timeline