Description
Cross-Site Request Forgery (CSRF) vulnerability in 10Web Photo Gallery by 10Web photo-gallery allows Cross Site Request Forgery. This issue affects Photo Gallery by 10Web: from n/a through <= 1.8.37.
Published: 2026-03-13
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Cross‑Site Request Forgery (CSRF)
Action: Patch
AI Analysis

Impact

A Cross‑Site Request Forgery (CSRF) vulnerability exists in the 10Web Photo Gallery plugin up to version 1.8.37. The flaw allows an attacker to trick a user into submitting a request that the plugin processes as if the user had intentionally performed that action. The potential impact is the covert execution of privileged actions—such as modifying gallery settings, uploading content, or deleting existing entries—within the victim’s account.

Affected Systems

The affected product is 10Web’s Photo Gallery by 10Web plugin, specifically all releases from the initial version up to and including 1.8.37.

Risk and Exploitability

The CVSS score is 4.3, indicating a medium severity impact. EPSS is listed as less than 1%, suggesting a low probability of exploitation, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector involves an attacker coaxing an authenticated user to visit a malicious page that submits a forged request to the vulnerable plugin. No additional exploitation prerequisites are described in the available data.

Generated by OpenCVE AI on March 19, 2026 at 15:04 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Photo Gallery by 10Web to a version newer than 1.8.37 (for example, 1.8.38 if released).
  • Consult the plugin’s release notes or 10Web support for the official patch and apply it immediately.



Advisories

No advisories yet.

History

Mon, 16 Mar 2026 10:15:00 +0000

| Type | Values Removed | Values Added |
| First Time appeared | | 10web; 10web photo Gallery; Wordpress; Wordpress wordpress |
| Vendors & Products | | 10web; 10web photo Gallery; Wordpress; Wordpress wordpress |

Fri, 13 Mar 2026 20:15:00 +0000

| Type | Values Removed | Values Added |
| Metrics | | cvssV3_1: {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'} |
| | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Fri, 13 Mar 2026 12:00:00 +0000

| Type | Values Removed | Values Added |
| Description | | Cross-Site Request Forgery (CSRF) vulnerability in 10Web Photo Gallery by 10Web photo-gallery allows Cross Site Request Forgery. This issue affects Photo Gallery by 10Web: from n/a through <= 1.8.37. |
| Title | | WordPress Photo Gallery by 10Web plugin <= 1.8.37 - Cross Site Request Forgery (CSRF) vulnerability |
| Weaknesses | | CWE-352 |
| References | | |

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-01T14:15:52.358Z

Reserved: 2026-03-12T11:10:25.225Z

Link: CVE-2026-32330

Vulnrichment

Updated: 2026-03-13T19:56:21.508Z

NVD

Status: Awaiting Analysis

Published: 2026-03-13T19:54:43.427

Modified: 2026-03-16T14:53:46.157

Link: CVE-2026-32330

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-23T09:59:23Z

Weaknesses