Description
WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery version 1.5.24 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.5.25 or latest
References
Related Vulnerabilities
WordPress Plugin Photo Gallery-Image Gallery by Ape Security Bypass (2.0.6)
WordPress Plugin Efence Multiple Cross-Site Scripting Vulnerabilities (1.3.2)
WordPress Plugin Booking Calendar-Clockwork SMS Cross-Site Scripting (1.0.5)
WordPress 5.2.x Multiple Vulnerabilities (5.2 - 5.2.2)
WordPress Plugin Email Encoder-Protect Email Addresses Cross-Site Scripting (1.4.1)