WordPress Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin <= 1.15.43 - Authenticated (Administrator+) SQL Injection vulnerability

Authenticated Administrator+ SQL Injection vulnerability discovered by Muhammad Arsalan Diponegoro tripoloski in WordPress Plugin Form Maker by 10Web versions = 1.15.43...

openclaw-security-quiz

🔒 Security & Best Practices Quiz A mobile-friendly quiz app w...

WordPress plugin “Photo Gallery” by 10Web – Mobile-Friendly Image Gallery security vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

EUVD-2024-27455

Malicious code in bioql PyPI...

Photo Gallery by 10Web – Mobile-Friendly Image Gallery < 1.8.24 - Authenticated (Contributor+) Path Traversal via esc_dir Function

Description The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.8.23 via the escdir function. This makes it possible for authenticated attackers to cut and paste copy the contents of arbitrary file...

CVE-2024-5481 Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.23 - Authenticated (Contributor+) Path Traversal via esc_dir Function

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.8.23 via the escdir function. This makes it possible for authenticated attackers to cut and paste copy the contents of arbitrary files on the...

Photo Gallery by 10Web - Mobile-Friendly Image Gallery < 1.8.20 - Directory Traversal to Arbitrary File Rename

Description The plugin is vulnerable to Directory Traversal attacks via the renameitem function. This makes it possible for authenticated attackers to rename arbitrary files on the server. Note: By default this can be exploited by administrators only. In the premium version of the plugin,...

CVE-2023-45071

Unauth. Stored Cross-Site Scripting XSS vulnerability in 10Web Form Builder Team Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin = 1.15.18 versions...

CVE-2023-45071

Unauth. Stored Cross-Site Scripting XSS vulnerability in 10Web Form Builder Team Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin = 1.15.18 versions...

Cross site scripting

Unauth. Stored Cross-Site Scripting XSS vulnerability in 10Web Form Builder Team Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin = 1.15.18 versions...

CVE-2023-45071 WordPress Form Maker by 10Web Plugin <= 1.15.18 is vulnerable to Cross Site Scripting (XSS)

Unauth. Stored Cross-Site Scripting XSS vulnerability in 10Web Form Builder Team Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin = 1.15.18 versions...

CVE-2023-45070

CVE-2023-45070 affects WordPress Form Maker by 10Web (Mobile-Friendly Drag & Drop Contact Form Builder)

WordPress Mobile View for Responsive web design optimization (UX design) + Mobile Friendly Test Plugin < 1.2.8 is vulnerable to Cross Site Scripting (XSS)

Software Mobile View for Responsive web design optimization UX design + Mobile Friendly Test Type Plugin Vulnerable versions 1.2.8 Fixed in 1.2.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim...

WordPress FullScreen Menu – Mobile Friendly and Responsive Plugin < 2.3.8 is vulnerable to Cross Site Scripting (XSS)

Software FullScreen Menu – Mobile Friendly and Responsive Type Plugin Vulnerable versions 2.3.8 Fixed in 2.3.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2c0779bc8b91 Credits...

WordPress Mobile View for Responsive web design optimization (UX design) + Mobile Friendly Test plugin <= 1.2.3 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Mobile View for Responsive web design optimization UX design + Mobile Friendly Test plugin versions = 1.2.3. Solution Update the WordPress Mobile View for Responsive web design optimization UX design +...

WordPress Mobile View for Responsive web design optimization (UX design) + Mobile Friendly Test plugin <= 1.2.3 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Mobile View for Responsive web design optimization UX design + Mobile Friendly Test plugin versions = 1.2.3. Solution Update the WordPress Mobile View for Responsive web design optimization UX design + Mobile Friendly Test...

WordPress FullScreen Menu – Mobile Friendly and Responsive plugin <= 2.2.7 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress FullScreen Menu – Mobile Friendly and Responsive plugin versions = 2.2.7. Solution Update the WordPress FullScreen Menu – Mobile Friendly and Responsive plugin to the latest available version at least 2.2.8...

CVE-2021-24363

CVE-2021-24363 affects the WordPress plugin Photo Gallery by 10Web – Mobile-Friendly Image Gallery, prior to version 1.5.75. The vulnerability arises from improper enforcement that uploaded files stay within the plugin’s uploads folder, enabling a path traversal that could allow high-privilege us...

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress Plugin is an open source application plugin for WordPress. 10Web â€" A cross-site scripting vulnerabilit...

CVE-2021-24310

Affected product: Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin, vulnerable in versions before 1.5.67. Root cause: improper sanitisation of the gallery title, stemming from an incomplete fix of CVE-2019-16117. Impact: authenticated users with high privileges can inject X...