416 matches found
CVE-2023-45272
Missing Authorization vulnerability in 10Web 10Web Map Builder for Google Maps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 10Web Map Builder for Google Maps: from n/a through 1.0.73...
CVE-2023-47807
Missing Authorization vulnerability in 10Web 10WebAnalytics wd-google-analytics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 10WebAnalytics: from n/a through = 1.2.12...
CVE-2023-2503
The 10Web Social Post Feed WordPress plugin before 1.2.9 does not sanitise and escape some parameter before outputting it back in a page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2022-4058
The Photo Gallery by 10Web WordPress plugin before 1.8.3 does not validate and escape some parameters before outputting them back in in JS code later on in another page, which could lead to Stored XSS issue when an attacker makes a logged in admin open a malicious URL or page under their control...
CVE-2022-3300
The Form Maker by 10Web WordPress plugin before 1.15.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...
CVE-2021-24426
The Backup by 10Web – Backup and Restore Plugin WordPress plugin through 1.0.20 does not sanitise or escape the tab parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting issue...
CVE-2021-31693
The 10Web Photo Gallery plugin through 1.5.68 for WordPress allows XSS via albumgalleryid0, bwgalbumsearch0, and type0 for bwgfrontenddata. NOTE: other parameters are covered by CVE-2021-24291, CVE-2021-25041, and CVE-2021-46889. NOTE: VMware information, previously connected to this CVE ID becau...
CVE-2021-24526
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder WordPress plugin before 1.13.60 does not escape its Form Title before outputting it in an attribute when editing a form in the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue...
CVE-2021-46889
The 10Web Photo Gallery plugin through 1.5.69 for WordPress allows XSS via themeid for bwgfrontenddata. NOTE: other parameters are covered by CVE-2021-24291, CVE-2021-25041, and CVE-2021-31693...
CVE-2021-25047
The 10Web Social Photo Feed WordPress plugin before 1.4.29 was affected by a reflected Cross-Site Scripting XSS vulnerability in the wdiapplychanges admin page, allowing an attacker to perform such attack against any logged in users...
CVE-2020-9335
Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery plugin before 1.5.46 WordPress. Successful exploitation of this vulnerability would allow a authenticated admin user to inject arbitrary JavaScript code that is viewed by other users...
CVE-2019-14313
A SQL injection vulnerability exists in the 10Web Photo Gallery plugin before 1.5.31 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via filemanager/model.php...
CVE-2019-14797
The 10Web Photo Gallery plugin before 1.5.23 for WordPress has authenticated stored XSS...
CVE-2019-14798
The 10Web Photo Gallery plugin before 1.5.25 for WordPress has Authenticated Local File Inclusion via directory traversal in the wp-admin/admin-ajax.php?action=shortcodebwg tagtext parameter...
CVE-2025-48341
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 10Web Form Maker by 10Web form-maker allows Stored XSS.This issue affects Form Maker by 10Web: from n/a through = 1.15.33...
CVE-2025-48341
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 10Web Form Maker by 10Web form-maker allows Stored XSS.This issue affects Form Maker by 10Web: from n/a through = 1.15.33...
CVE-2025-48341 WordPress Form Maker by 10Web plugin <= 1.15.33 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 10Web Form Maker by 10Web form-maker allows Stored XSS.This issue affects Form Maker by 10Web: from n/a through = 1.15.33...
CVE-2025-48341
CVE-2025-48341 : A stored XSS in the WordPress plugin Form Maker by 10Web (versions ≤ 1.15.33) is caused by improper input neutralization during web page generation. The vulnerability affects the 10Web Form Maker component and requires authenticated access to exploit. A patch exists: upgrade to a...
WordPress Photo Gallery by 10Web plugin < 1.8.29 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Photo Gallery by 10Web versions 1.8.29...
PT-2025-21992 · 10Web · 10Web Form Maker
Name of the Vulnerable Software and Affected Versions: 10Web Form Maker by 10Web versions 1.15.33 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker...