27 matches found
CVE-2026-27360 WordPress Photo Gallery by 10Web plugin <= 1.8.37 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 10Web Photo Gallery by 10Web photo-gallery allows Stored XSS. This issue affects Photo Gallery by 10Web: from n/a through <= 1.8.37...
EUVD-2021-11953
Malware in sbrugna...
EUVD-2023-38455
Malicious code in bioql PyPI...
WordPress Photo Gallery by 10Web Plugin <= 1.8.30 is vulnerable to Cross Site Scripting (XSS)
Software: Photo Gallery by 10Web; Type: Plugin; Vulnerable versions: <= 1.8.30; Fixed in: 1.8.31; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-9878; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: e0cf77477c6f; Credits: tmrswrr; Require...
CVE-2024-44043 WordPress Photo Gallery by 10Web plugin <= 1.8.27 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in 10Web Photo Gallery by 10Web allows Stored XSS. This issue affects Photo Gallery by 10Web: from n/a through 1.8.27...
WordPress Form Maker by 10Web Plugin <= 1.15.27 is vulnerable to Cross Site Scripting (XSS)
Software: Form Maker by 10Web; Type: Plugin; Vulnerable versions: <= 1.15.27; Fixed in: 1.15.28; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-8633; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: e9307003321a; Credits: Joel Indra...
CVE-2024-7150 Slider by 10Web – Responsive Image Slider <= 1.2.57 - Authenticated (Contributor+) SQL Injection via id Parameter
The Slider by 10Web – Responsive Image Slider plugin for WordPress is vulnerable to time-based SQL Injection via the 'id' parameter in all versions up to, and including, 1.2.57 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...
WordPress Slider by 10Web Plugin < 1.2.56 is vulnerable to Cross Site Scripting (XSS)
Software: Slider by 10Web; Type: Plugin; Vulnerable versions: < 1.2.56; Fixed in: 1.2.56; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-6026; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: f2d0a4740b24; Credits: Dmitrii Ignatyev; Require...
CVE-2024-6130 Form Maker by 10Web < 1.15.26 - Admin+ Stored XSS
The Form Maker by 10Web WordPress plugin before 1.15.26 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
WordPress Photo Gallery by 10Web Plugin <= 1.8.25 is vulnerable to Broken Access Control
Software: Photo Gallery by 10Web; Type: Plugin; Vulnerable versions: <= 1.8.25; Fixed in: 1.8.26; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-35628; Patch priority: Low; CVSS severity: Low (4.3); Developer: Claim ownership; PSID: 904616965144; Credits: Dhabaleshwar Das...
CVE-2024-34437 WordPress Form Maker by 10Web plugin <= 1.15.24 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 10Web Form Builder Team Form Maker by 10Web allows Stored XSS. This issue affects Form Maker by 10Web: from n/a through 1.15.24...
WordPress Form Maker by 10Web plugin <= 1.15.24 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Huynh Tien Si (Patchstack Alliance) in WordPress Plugin Form Maker by 10Web (versions <= 1.15.24)...
CVE-2024-2258 Form Maker by 10Web <= 1.15.24 - Authenticated (Subscriber+) Stored Self-Based Cross-Site Scripting
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name autofilled into forms in all versions up to, and including, 1.15.24 due to insufficient input sanitization and output escaping. Th...
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder < 1.15.24 - Authenticated (Admin+) Stored Cross-Site Scripting
Description: The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.15.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress Photo Gallery by 10Web Plugin <= 1.8.21 is vulnerable to Cross Site Scripting (XSS)
Software: Photo Gallery by 10Web; Type: Plugin; Vulnerable versions: <= 1.8.21; Fixed in: 1.8.22; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2296; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: db9d53f79206; Credits: Jobert Krohnen...
CVE-2023-34375
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 10Web SEO by 10Web plugin <= 1.2.9 versions...
CVE-2023-45071 WordPress Form Maker by 10Web Plugin <= 1.15.18 is vulnerable to Cross Site Scripting (XSS)
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in 10Web Form Builder Team Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin <= 1.15.18 versions...
CVE-2023-45070 WordPress Form Maker by 10Web Plugin <= 1.15.18 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 10Web Form Builder Team Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin <= 1.15.18 versions...
WordPress Form Maker by 10Web Plugin <= 1.15.18 is vulnerable to Cross Site Scripting (XSS)
Software: Form Maker by 10Web; Type: Plugin; Vulnerable versions: <= 1.15.18; Fixed in: 1.15.19; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-45070; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Claim ownership; PSID: 2facf3676186; Credits: RE-ALTER; Required...
WordPress Form Maker by 10Web Plugin < 1.15.20 is vulnerable to Arbitrary File Upload
Software: Form Maker by 10Web; Type: Plugin; Vulnerable versions: < 1.15.20; Fixed in: 1.15.20; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: N/A; Patch priority: High; CVSS severity: High (10); Developer: Claim ownership; PSID: 385edba53528; Credits: N/A; Required privilege: Unauthenticated...