CVE-2026-7048 | 10web Photo Gallery Plugin up to 1.8.40 on WordPress Shortcode order_by sql injection

A vulnerability was found in 10web Photo Gallery Plugin up to 1.8.40 on WordPress and classified as critical. Impacted is an unknown function of the component Shortcode Handler. Such manipulation of the argument order_by leads to sql injection.

This vulnerability is traded as CVE-2026-7048. The attack may be launched remotely. There is no exploit available.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More