Photo Gallery by 10Web WordPress Plugin Missing Authorization Vulnerability Allowing Unauthenticated Comment Deletion

Vulnerability

A vulnerability exists in the Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress, in all versions through 1.8.36. The issue arises from a missing capability check in the delete_comment() function, allowing unauthenticated attackers to delete arbitrary image comments. This vulnerability affects only the Pro version of the plugin, where the comments feature is available.

Impact

Exploitation of this vulnerability allows for the unauthorized deletion of image comments, potentially disrupting user interactions and feedback on the associated images.

Remediation

Users are advised to update the plugin to version 1.8.37 or a newer patched version.
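The version boundary above can be checked across installs with a short script. This is an added example, not code from the advisory or the plugin; the plugin directory name `photo-gallery` and main file `photo-gallery.php` are assumptions, and the sample header is constructed.

```python
import re
from pathlib import Path

FIRST_FIXED = (1, 8, 37)  # advisory: 1.8.36 and earlier affected, fixed in 1.8.37

# WordPress takes the plugin version from a "Version:" line in the header
# comment of the plugin's main file.
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\d+(?:\.\d+)*)", re.M | re.I)

# Constructed sample header for illustration, not copied from the plugin.
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Photo Gallery
 * Version: 1.8.36
 */
"""


def parse_version(text):
    """Return the header version as a tuple of ints, or None if absent."""
    match = VERSION_RE.search(text[:8192])  # WordPress reads only the first 8 KB
    if match is None:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def needs_update(version):
    """True for any version below 1.8.37; short versions are zero-padded."""
    padded = version + (0,) * max(0, 3 - len(version))
    return padded < FIRST_FIXED


def audit(plugins_dir, slug="photo-gallery", main_file="photo-gallery.php"):
    """Classify one install. slug and main_file are assumed, not from the advisory."""
    path = Path(plugins_dir) / slug / main_file
    if not path.is_file():
        return "not-installed"
    version = parse_version(path.read_text(encoding="utf-8", errors="replace"))
    if version is None:
        return "unknown-version"
    # The header cannot tell Pro from free; per the advisory only Pro, which
    # has the comments feature, is exposed. Either way the fix is the update.
    return "needs-update" if needs_update(version) else "patched"


if __name__ == "__main__":
    print(parse_version(SAMPLE_HEADER), needs_update(parse_version(SAMPLE_HEADER)))
```

Call `audit()` with the path to a site's `wp-content/plugins` directory; an `unknown-version` result means the header could not be parsed and the install should be checked by hand.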

Added: Jan 22, 2026, 12:19 AM
Updated: Jan 22, 2026, 12:19 AM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 0.6
exploitability: 7.8
remediation: 7.7
relevance: 2.3
threat: 3.2
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.