2022-05-02 16:05:58
WPScan
PUBLISHED
The Photo Gallery by 10Web WordPress plugin before 1.6.3 does not properly sanitize the $_GET[image_url] variable, which is reflected back to the users when executing the editimage_bwg AJAX action.