A vulnerability was found in 10Web Photo Gallery Plugin up to 1.8.41 on WordPress. It has been declared as critical . Affected is an unknown function. Executing a manipulation can lead to sql injection. This vulnerability is registered as CVE-2026-49771 . It is possible to launch the attack remotely. No exploit is available.