A vulnerability categorized as critical has been discovered in 10web Photo Gallery Plugin up to 1.8.41 on WordPress. The affected element is an unknown function of the component AJAX Handler . Executing a manipulation of the argument page can lead to sql injection. The identification of this vulnerability is CVE-2026-9829 . The attack may be launched remotely. There is no exploit available. It is advisable to upgrade the affected component.