CVE-2025-0613

Name of the Vulnerable Software and Affected Versions The Photo Gallery by 10Web WordPress plugin versions prior to 1.8.34

Description The issue arises from the lack of sanitization and escaping of comments added to images by unauthenticated users, leading to an Unauthenticated Stored-XSS attack when these comments are displayed.

Recommendations For versions prior to 1.8.34, update to version 1.8.34 or later to resolve the issue. As a temporary workaround, consider disabling the comment feature on images until the update is applied. Restrict access to image comments to minimize the risk of exploitation. Avoid displaying unauthenticated user comments on images until the issue is resolved.