Lucene search
K

416 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 2:25 a.m.7 views

CVE-2023-45272

Missing Authorization vulnerability in 10Web 10Web Map Builder for Google Maps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 10Web Map Builder for Google Maps: from n/a through 1.0.73...

5.4CVSS5.1AI score0.0029EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:58 a.m.8 views

CVE-2023-47807

Missing Authorization vulnerability in 10Web 10WebAnalytics wd-google-analytics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 10WebAnalytics: from n/a through = 1.2.12...

4.3CVSS7.3AI score0.00271EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:51 a.m.10 views

CVE-2023-2503

The 10Web Social Post Feed WordPress plugin before 1.2.9 does not sanitise and escape some parameter before outputting it back in a page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS6AI score0.00458EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:46 a.m.9 views

CVE-2022-4058

The Photo Gallery by 10Web WordPress plugin before 1.8.3 does not validate and escape some parameters before outputting them back in in JS code later on in another page, which could lead to Stored XSS issue when an attacker makes a logged in admin open a malicious URL or page under their control...

5.4CVSS5.7AI score0.00244EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:59 p.m.14 views

CVE-2022-3300

The Form Maker by 10Web WordPress plugin before 1.15.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

7.2CVSS7.3AI score0.01015EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:5 p.m.11 views

CVE-2021-24426

The Backup by 10Web – Backup and Restore Plugin WordPress plugin through 1.0.20 does not sanitise or escape the tab parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting issue...

4.8CVSS6.1AI score0.00626EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:42 p.m.12 views

CVE-2021-31693

The 10Web Photo Gallery plugin through 1.5.68 for WordPress allows XSS via albumgalleryid0, bwgalbumsearch0, and type0 for bwgfrontenddata. NOTE: other parameters are covered by CVE-2021-24291, CVE-2021-25041, and CVE-2021-46889. NOTE: VMware information, previously connected to this CVE ID becau...

6.5CVSS5.7AI score0.1445EPSS
Exploits4
RedhatCVE
RedhatCVE
added 2025/05/22 7:22 p.m.9 views

CVE-2021-24526

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder WordPress plugin before 1.13.60 does not escape its Form Title before outputting it in an attribute when editing a form in the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue...

5.4CVSS5.8AI score0.01091EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:56 p.m.11 views

CVE-2021-46889

The 10Web Photo Gallery plugin through 1.5.69 for WordPress allows XSS via themeid for bwgfrontenddata. NOTE: other parameters are covered by CVE-2021-24291, CVE-2021-25041, and CVE-2021-31693...

6.5CVSS5.9AI score0.1445EPSS
Exploits4
RedhatCVE
RedhatCVE
added 2025/05/22 6:25 p.m.7 views

CVE-2021-25047

The 10Web Social Photo Feed WordPress plugin before 1.4.29 was affected by a reflected Cross-Site Scripting XSS vulnerability in the wdiapplychanges admin page, allowing an attacker to perform such attack against any logged in users...

6.1CVSS5.6AI score0.008EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:34 p.m.6 views

CVE-2020-9335

Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery plugin before 1.5.46 WordPress. Successful exploitation of this vulnerability would allow a authenticated admin user to inject arbitrary JavaScript code that is viewed by other users...

4.8CVSS6AI score0.01355EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:31 a.m.9 views

CVE-2019-14313

A SQL injection vulnerability exists in the 10Web Photo Gallery plugin before 1.5.31 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via filemanager/model.php...

10CVSS8.6AI score0.04482EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:36 a.m.10 views

CVE-2019-14797

The 10Web Photo Gallery plugin before 1.5.23 for WordPress has authenticated stored XSS...

5.4CVSS6.7AI score0.01295EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:31 a.m.6 views

CVE-2019-14798

The 10Web Photo Gallery plugin before 1.5.25 for WordPress has Authenticated Local File Inclusion via directory traversal in the wp-admin/admin-ajax.php?action=shortcodebwg tagtext parameter...

4.9CVSS7.1AI score0.0443EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/21 3:14 p.m.8 views

CVE-2025-48341

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 10Web Form Maker by 10Web form-maker allows Stored XSS.This issue affects Form Maker by 10Web: from n/a through = 1.15.33...

5.9CVSS5.9AI score0.00183EPSS
Exploits0References1
NVD
NVD
added 2025/05/19 3:15 p.m.12 views

CVE-2025-48341

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 10Web Form Maker by 10Web form-maker allows Stored XSS.This issue affects Form Maker by 10Web: from n/a through = 1.15.33...

5.9CVSS0.00183EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/19 2:55 p.m.16 views

CVE-2025-48341 WordPress Form Maker by 10Web plugin <= 1.15.33 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 10Web Form Maker by 10Web form-maker allows Stored XSS.This issue affects Form Maker by 10Web: from n/a through = 1.15.33...

5.9CVSS0.00183EPSS
Exploits0References1
CVE
CVE
added 2025/05/19 2:55 p.m.28 views

CVE-2025-48341

CVE-2025-48341 : A stored XSS in the WordPress plugin Form Maker by 10Web (versions ≤ 1.15.33) is caused by improper input neutralization during web page generation. The vulnerability affects the 10Web Form Maker component and requires authenticated access to exploit. A patch exists: upgrade to a...

5.9CVSS5.9AI score0.00183EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/05/19 3:10 a.m.4 views

WordPress Photo Gallery by 10Web plugin < 1.8.29 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Photo Gallery by 10Web versions 1.8.29...

4.8CVSS6AI score0.0032EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/05/19 12:0 a.m.6 views

PT-2025-21992 · 10Web · 10Web Form Maker

Name of the Vulnerable Software and Affected Versions: 10Web Form Maker by 10Web versions 1.15.33 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker...

5.9CVSS5.7AI score0.00183EPSS
Exploits0References4
Rows per page
Query Builder