CVE-2025-0613
Photo Gallery < 1.8.34 - Unauthenticated Stored XSS
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.1EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
31 Mar 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Photo Gallery by 10Web WordPress plugin before 1.8.34 does not sanitised and escaped comment added on images by unauthenticated users, leading to an Unauthenticated Stored-XSS attack when comments are displayed
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected products
Unknown · Photo Gallery by 10Web