CVE-2019-16118

MEDIUM

10web Photo Gallery < 1.5.35 - Cross-Site Scripting via Options.php

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-16118. PoCs published by MTK.

AI-analyzed exploit summary: This is a writeup describing a persistent XSS vulnerability in the WordPress Photo Gallery plugin by 10Web. The vulnerability allows an attacker to inject malicious JavaScript via the watermark text field, which is then executed when the page is viewed.

Description

Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/controllers/Options.php.

Exploits (1)

exploitdb WRITEUP
by MTK · text · webapps · php
https://www.exploit-db.com/exploits/47373

Classification: Writeup 100%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: WordPress Plugin Photo Gallery by 10Web <= 1.5.34
Auth required
Prerequisites: Access to WordPress admin panel · Photo Gallery plugin installed and activated
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 6.1
EPSS 0.0530
EPSS Percentile 91.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE CWE-79
Status published
Products (1)
10web/photo_gallery < 1.5.35
Published Sep 08, 2019
Tracked Since Feb 18, 2026