198 matches found
10Web Booster < 2.24.18 - Unauthenticated Arbitrary Option Deletion
The 10Web Booster WordPress plugin before 2.24.18 does not validate the option name given to some AJAX actions, allowing unauthenticated users to delete arbitrary options from the database, leading to denial of service. id: CVE-2023-5559 info: name: 10Web Booster 2.24.18 - Unauthenticated Arbitra...
10Web Photo Gallery < 1.5.55 - SQL Injection
WordPress plugin 10Web Photo Gallery versions before 1.5.55 contains a SQL injection caused by unvalidated input in the 'bwgsearchx' parameter in frontend/models/model.php, letting attackers execute arbitrary SQL commands, exploit requires attacker to control the 'bwgsearchx' parameter. id:...
WordPress 10Web Map Builder < 1.0.73 - Unauthenticated SQL Injection
The 10Web Map Builder for Google Maps WordPress plugin before 1.0.73 does not properly sanitise and escape some parameters before using them in an SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection id: CVE-2023-0037 info: name: WordPress 10Web Map...
CVE-2026-11777
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to generic SQL Injection via the 'name' parameter in all versions up to, and including, 1.15.43 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2026-11776
The CVE covers the WordPress plugin Form Maker by 10Web (Mobile‑Friendly Drag & Drop Contact Form Builder). The vulnerability is a generic SQL Injection in the handling of the groupids parameter, in all versions up to and including 1.15.43, due to insufficient escaping of user input and lack of p...
CVE-2026-11776 Form Maker by 10Web <= 1.15.43 - Authenticated (Adminsitrator+) SQL Injection via 'groupids' Parameter
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to generic SQL Injection via the 'groupids' parameter in all versions up to, and including, 1.15.43 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2026-11777 Form Maker by 10Web <= 1.15.43 - Authenticated (Administrator+) SQL Injection via 'name' Parameter
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to generic SQL Injection via the 'name' parameter in all versions up to, and including, 1.15.43 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2026-11777
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to generic SQL Injection via the 'name' parameter in all versions up to, and including, 1.15.43 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2026-11777
Form Maker by 10Web (WordPress) 導插件 Form Maker, versions up to 1.15.43, is vulnerable to a generic SQL Injection via the name parameter due to insufficient escaping and lack of prepared statements. The vulnerability allows an authenticated attacker with administrator-level access to append additi...
WordPress Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin <= 1.15.43 - Authenticated (Adminsitrator+) SQL Injection vulnerability
Authenticated Adminsitrator+ SQL Injection vulnerability discovered by Muhammad Arsalan Diponegoro tripoloski in WordPress Plugin Form Maker by 10Web versions = 1.15.43...
WordPress Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin <= 1.15.43 - Authenticated (Administrator+) SQL Injection vulnerability
Authenticated Administrator+ SQL Injection vulnerability discovered by Muhammad Arsalan Diponegoro tripoloski in WordPress Plugin Form Maker by 10Web versions = 1.15.43...
EUVD-2026-36947
Unauthenticated SQL Injection in Form Maker by 10Web = 1.15.38 versions...
CVE-2026-39502
Unauthenticated SQL Injection in Form Maker by 10Web = 1.15.38 versions...
CVE-2026-39502 WordPress Form Maker by 10Web plugin <= 1.15.38 - SQL Injection vulnerability
Unauthenticated SQL Injection in Form Maker by 10Web = 1.15.38 versions...
CVE-2026-39502 WordPress Form Maker by 10Web plugin <= 1.15.38 - SQL Injection vulnerability
Unauthenticated SQL Injection in Form Maker by 10Web = 1.15.38 versions...
CVE-2026-39502
This CVE concerns the WordPress plugin Form Maker by 10Web (versions <= 1.15.38). The issue is described as an Unauthenticated SQL Injection vulnerability in Form Maker by 10Web
PT-2026-49387
Unauthenticated SQL Injection in Form Maker by 10Web = 1.15.38 versions...
CVE-2026-9829
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based SQL Injection via 'compactalbumorderby' Shortcode Parameter in all versions up to, and including, 1.8.41 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2026-9829 Photo Gallery by 10Web <= 1.8.41 - Authenticated (Contributor+) SQL Injection via 'compact_album_order_by' Shortcode Parameter
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based SQL Injection via 'compactalbumorderby' Shortcode Parameter in all versions up to, and including, 1.8.41 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2026-9829
CVE-2026-9829 affects the WordPress plugin Photo Gallery by 10Web – Mobile-Friendly Image Gallery up to version 1.8.41. The flaw is a time-based SQL Injection in the compact_album_order_by shortcode parameter caused by insufficient escaping and lack of parameterized queries. Exploitation requires...