416 matches found
CVE-2023-45272
Missing Authorization vulnerability in 10Web 10Web Map Builder for Google Maps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 10Web Map Builder for Google Maps: from n/a through 1.0.73...
CVE-2023-45272 WordPress 10Web Map Builder for Google Maps plugin <= 1.0.73 - Notice Dismissal Vulnerability
Missing Authorization vulnerability in 10Web 10Web Map Builder for Google Maps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 10Web Map Builder for Google Maps: from n/a through 1.0.73...
CVE-2023-45272 WordPress 10Web Map Builder for Google Maps plugin <= 1.0.73 - Notice Dismissal Vulnerability
Missing Authorization vulnerability in 10Web 10Web Map Builder for Google Maps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 10Web Map Builder for Google Maps: from n/a through 1.0.73...
CVE-2023-33995
Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Photo Gallery by 10Web: from n/a through 1.8.15...
CVE-2023-33995
Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Photo Gallery by 10Web: from n/a through 1.8.15...
CVE-2023-33995 WordPress Photo Gallery by 10Web plugin <= 1.8.15 - Broken Access Control vulnerability
Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Photo Gallery by 10Web: from n/a through 1.8.15...
WordPress plugin Photo Gallery by 10Web 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exis...
CVE-2024-10704
The Photo Gallery by 10Web WordPress plugin before 1.8.31 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-10704 Photo Gallery by 10Web < 1.8.31 - Admin+ Stored XSS
The Photo Gallery by 10Web WordPress plugin before 1.8.31 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-10704 Photo Gallery by 10Web < 1.8.31 - Admin+ Stored XSS
The Photo Gallery by 10Web WordPress plugin before 1.8.31 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
PT-2024-16479 · 10Web · The Photo Gallery
Name of the Vulnerable Software and Affected Versions: The Photo Gallery by 10Web versions prior to 1.8.31 Description: The issue concerns a Stored Cross-Site Scripting XSS vulnerability. It arises because the plugin does not properly sanitise and escape some of its settings, allowing...
WordPress Form Maker by 10Web plugin <= 1.15.30 - Reflected Cross-Site Scripting via add_query_arg Parameter vulnerability
Reflected Cross-Site Scripting via addqueryarg Parameter vulnerability discovered by vgo0 in WordPress Plugin Form Maker by 10Web versions = 1.15.30...
CVE-2024-10265 Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.30 - Reflected Cross-Site Scripting via add_query_arg Parameter
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.15.30. This makes it possible for...
CVE-2024-10265
CVE-2024-10265 affects the Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder for WordPress. It enables a Reflected Cross‑Site Scripting via the use of add_query_arg without proper escaping in the URL, impacting all versions up to and including 1.15.30. Unauthenticated attacke...
CVE-2024-9878
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2024-9878 Photo Gallery by 10Web <= 1.8.30 - Authenticated (Administrator+) Stored Cross-Site Scripting
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
WordPress Photo Gallery by 10Web Plugin <= 1.8.30 is vulnerable to Cross Site Scripting (XSS)
Software Photo Gallery by 10Web Type Plugin Vulnerable versions = 1.8.30 Fixed in 1.8.31 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9878 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID e0cf77477c6f Credits tmrswrr Require...
CVE-2024-9607
The CVE CVE-2024-9607 affects the WordPress plugin 10Web Social Post Feed (versions
CVE-2024-9607 10Web Social Post Feed <= 1.2.9 - Reflected Cross-Site Scripting
The 10Web Social Post Feed plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.2.9. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...
CVE-2024-9607 10Web Social Post Feed <= 1.2.9 - Reflected Cross-Site Scripting
The 10Web Social Post Feed plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.2.9. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...