Lucene search
K

416 matches found

NVD
NVD
added 2025/01/02 3:15 p.m.7 views

CVE-2023-45272

Missing Authorization vulnerability in 10Web 10Web Map Builder for Google Maps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 10Web Map Builder for Google Maps: from n/a through 1.0.73...

5.4CVSS0.0029EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/02 2:53 p.m.7 views

CVE-2023-45272 WordPress 10Web Map Builder for Google Maps plugin <= 1.0.73 - Notice Dismissal Vulnerability

Missing Authorization vulnerability in 10Web 10Web Map Builder for Google Maps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 10Web Map Builder for Google Maps: from n/a through 1.0.73...

5.4CVSS5.1AI score0.0029EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/02 2:53 p.m.15 views

CVE-2023-45272 WordPress 10Web Map Builder for Google Maps plugin <= 1.0.73 - Notice Dismissal Vulnerability

Missing Authorization vulnerability in 10Web 10Web Map Builder for Google Maps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 10Web Map Builder for Google Maps: from n/a through 1.0.73...

5.4CVSS0.0029EPSS
Exploits0References1
OSV
OSV
added 2024/12/13 3:15 p.m.4 views

CVE-2023-33995

Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Photo Gallery by 10Web: from n/a through 1.8.15...

4.3CVSS5.8AI score0.00498EPSS
Exploits0References1
NVD
NVD
added 2024/12/13 3:15 p.m.21 views

CVE-2023-33995

Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Photo Gallery by 10Web: from n/a through 1.8.15...

4.3CVSS0.00498EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/12/13 2:23 p.m.26 views

CVE-2023-33995 WordPress Photo Gallery by 10Web plugin <= 1.8.15 - Broken Access Control vulnerability

Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Photo Gallery by 10Web: from n/a through 1.8.15...

4.3CVSS0.00498EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/13 12:0 a.m.4 views

WordPress plugin Photo Gallery by 10Web 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exis...

4.3CVSS6.3AI score0.00498EPSS
Exploits0References1
NVD
NVD
added 2024/11/29 6:15 a.m.18 views

CVE-2024-10704

The Photo Gallery by 10Web WordPress plugin before 1.8.31 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS0.00369EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/11/29 6:0 a.m.21 views

CVE-2024-10704 Photo Gallery by 10Web < 1.8.31 - Admin+ Stored XSS

The Photo Gallery by 10Web WordPress plugin before 1.8.31 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

0.00369EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/11/29 6:0 a.m.14 views

CVE-2024-10704 Photo Gallery by 10Web < 1.8.31 - Admin+ Stored XSS

The Photo Gallery by 10Web WordPress plugin before 1.8.31 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.4AI score0.00369EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/11/29 12:0 a.m.5 views

PT-2024-16479 · 10Web · The Photo Gallery

Name of the Vulnerable Software and Affected Versions: The Photo Gallery by 10Web versions prior to 1.8.31 Description: The issue concerns a Stored Cross-Site Scripting XSS vulnerability. It arises because the plugin does not properly sanitise and escape some of its settings, allowing...

4.8CVSS7.8AI score0.00369EPSS
Exploits1References7
Patchstack
Patchstack
added 2024/11/11 1:15 a.m.6 views

WordPress Form Maker by 10Web plugin <= 1.15.30 - Reflected Cross-Site Scripting via add_query_arg Parameter vulnerability

Reflected Cross-Site Scripting via addqueryarg Parameter vulnerability discovered by vgo0 in WordPress Plugin Form Maker by 10Web versions = 1.15.30...

6.1CVSS6.3AI score0.00363EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/11/10 12:30 p.m.41 views

CVE-2024-10265 Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.30 - Reflected Cross-Site Scripting via add_query_arg Parameter

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.15.30. This makes it possible for...

6.1CVSS0.00363EPSS
Exploits0References4
CVE
CVE
added 2024/11/10 12:30 p.m.57 views

CVE-2024-10265

CVE-2024-10265 affects the Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder for WordPress. It enables a Reflected Cross‑Site Scripting via the use of add_query_arg without proper escaping in the URL, impacting all versions up to and including 1.15.30. Unauthenticated attacke...

6.1CVSS6AI score0.00363EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2024/11/05 10:21 a.m.33 views

CVE-2024-9878

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

4.8CVSS0.00419EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2024/11/05 9:30 a.m.10 views

CVE-2024-9878 Photo Gallery by 10Web <= 1.8.30 - Authenticated (Administrator+) Stored Cross-Site Scripting

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

4.4CVSS5.8AI score0.00419EPSS
Exploits1References3
Patchstack
Patchstack
added 2024/11/04 12:0 a.m.16 views

WordPress Photo Gallery by 10Web Plugin <= 1.8.30 is vulnerable to Cross Site Scripting (XSS)

Software Photo Gallery by 10Web Type Plugin Vulnerable versions = 1.8.30 Fixed in 1.8.31 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9878 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID e0cf77477c6f Credits tmrswrr Require...

4.8CVSS5.8AI score0.00419EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2024/10/25 6:51 a.m.58 views

CVE-2024-9607

The CVE CVE-2024-9607 affects the WordPress plugin 10Web Social Post Feed (versions

6.1CVSS6.2AI score0.00291EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/10/25 6:51 a.m.28 views

CVE-2024-9607 10Web Social Post Feed <= 1.2.9 - Reflected Cross-Site Scripting

The 10Web Social Post Feed plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.2.9. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...

6.1CVSS0.00291EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/10/25 6:51 a.m.11 views

CVE-2024-9607 10Web Social Post Feed <= 1.2.9 - Reflected Cross-Site Scripting

The 10Web Social Post Feed plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.2.9. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...

6.1CVSS6.4AI score0.00291EPSS
Exploits0References2
Rows per page
Query Builder