60 matches found

CNNVD
added 2026/03/13 12:00 a.m. · 8 views

WordPress plugin Photo Gallery by 10Web cross-site request forgery vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVSS 4.3 · AI score 5.7 · EPSS 0.00107
Exploits 0 · References 1
CNNVD
added 2026/02/19 12:00 a.m. · 9 views

WordPress plugin Photo Gallery by 10Web security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 5.9 · AI score 5.6 · EPSS 0.00195
Exploits 0 · References 1
Patchstack
added 2026/02/06 7:00 a.m. · 6 views

WordPress Form Maker by 10Web plugin <= 1.15.35 - Unauthenticated Stored Cross-Site Scripting via SVG file vulnerability

Unauthenticated Stored Cross-Site Scripting via SVG file vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Form Maker by 10Web versions <= 1.15.35...

CVSS 7.2 · AI score 5.3 · EPSS 0.00338
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2026/02/03 6:38 a.m. · 3 views

CVE-2026-1058 Form Maker by 10Web <= 1.15.35 - Unauthenticated Stored Cross-Site Scripting via Hidden Field

The Form Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via hidden field values in all versions up to, and including, 1.15.35. This is due to insufficient output escaping when displaying hidden field values in the admin submissions list. The plugin uses html_entity_decode o...

CVSS 7.1 · AI score 5.6 · EPSS 0.0032
Exploits 0 · References 3
Vulnrichment
added 2026/02/03 6:38 a.m. · 3 views

CVE-2026-1065 Form Maker by 10Web <= 1.15.35 - Unauthenticated Stored Cross-Site Scripting via SVG file

The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.15.35. This is due to the plugin's default file upload allowlist including SVG files combined with weak substring-based extension validation. This makes it possible fo...

CVSS 7.2 · AI score 5.5 · EPSS 0.00338
Exploits 0 · References 5
Patchstack
added 2026/01/30 6:24 a.m. · 6 views

WordPress Photo Gallery by 10Web plugin < 1.8.31 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Photo Gallery by 10Web versions < 1.8.31...

CVSS 4.8 · AI score 5.9 · EPSS 0.00369
Exploits 1 · References 1 · Affected Software 1
Cvelist
added 2026/01/21 11:23 p.m. · 24 views

CVE-2026-1036 Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.36 - Missing Authorization to Unauthenticated Arbitrary Comment Deletion

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deletecomment function in all versions up to, and including, 1.8.36. This makes it possible for unauthenticated attackers to...

CVSS 5.3 · EPSS 0.00219
Exploits 0 · References 2
Vulnrichment
added 2026/01/21 11:23 p.m. · 3 views

CVE-2026-1036 Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.36 - Missing Authorization to Unauthenticated Arbitrary Comment Deletion

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deletecomment function in all versions up to, and including, 1.8.36. This makes it possible for unauthenticated attackers to...

CVSS 5.3 · AI score 5.7 · EPSS 0.00219
Exploits 0 · References 2
Patchstack
added 2025/12/25 5:01 p.m. · 5 views

WordPress Photo Gallery by 10Web plugin <= 1.8.38 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Tabulra in WordPress Plugin Photo Gallery by 10Web versions <= 1.8.38...

CVSS 5.9 · AI score 5.3 · EPSS 0.00195
Exploits 0 · Affected Software 1
RedhatCVE
added 2025/05/23 8:18 a.m. · 6 views

CVE-2024-10704

The Photo Gallery by 10Web WordPress plugin before 1.8.31 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...

CVSS 4.8 · AI score 5.3 · EPSS 0.00369
Exploits 1 · References 1
Patchstack
added 2025/03/25 6:45 a.m. · 7 views

WordPress Slider by 10Web plugin < 1.2.62 - Admin+ Stored XSS via Widget vulnerability

Admin+ Stored XSS via Widget vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Slider by 10Web versions < 1.2.62...

CVSS 6.1 · AI score 8 · EPSS 0.00313
Exploits 1 · References 1 · Affected Software 1
OSV
added 2025/03/25 6:15 a.m. · 2 views

CVE-2024-10560

The Form Maker by 10Web WordPress plugin before 1.15.30 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...

CVSS 3.5 · AI score 5.8 · EPSS 0.003
Exploits 1 · References 1
Patchstack
added 2025/03/24 8:58 a.m. · 3 views

WordPress Photo Gallery by 10Web plugin < 1.8.33 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Photo Gallery by 10Web versions < 1.8.33...

CVSS 3.5 · AI score 6.1 · EPSS 0.00247
Exploits 1 · References 1 · Affected Software 1
Patchstack
added 2025/02/24 10:29 p.m. · 5 views

WordPress Form Maker by 10Web plugin < 1.15.33 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Form Maker by 10Web versions < 1.15.33...

CVSS 4.8 · AI score 6.1 · EPSS 0.00334
Exploits 1 · References 1 · Affected Software 1
CNNVD
added 2024/11/10 12:00 a.m. · 4 views

WordPress plugin Form Maker by 10Web cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. A WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS 6.1 · AI score 7.5 · EPSS 0.00363
Exploits 0 · References 4
CNNVD
added 2024/10/06 12:00 a.m. · 5 views

WordPress plugin Photo Gallery by 10Web cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. A WordPress plugin is an application plugin. A cross-site scripting vulnerability exists i...

CVSS 5.9 · AI score 5.9 · EPSS 0.00287
Exploits 0 · References 2
Patchstack
added 2024/08/09 12:00 p.m. · 4 views

WordPress Form Maker by 10Web plugin <= 1.15.26 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by Le Ngoc Anh Patchstack Alliance in WordPress Plugin Form Maker by 10Web versions <= 1.15.26...

CVSS 7.1 · AI score 6.1 · EPSS 0.0029
Exploits 0 · Affected Software 1
Positive Technologies
added 2024/08/08 12:00 a.m. · 5 views

PT-2024-38112 · 10Web · The Slider By 10Web

Name of the Vulnerable Software and Affected Versions: The Slider by 10Web – Responsive Image Slider plugin for WordPress versions up to, and including, 1.2.57 Description: The issue is related to time-based SQL Injection via the id parameter due to insufficient escaping on the user-supplied...

CVSS 8.8 · AI score 7.3 · EPSS 0.00568
Exploits 0 · References 9
Patchstack
added 2024/07/11 9:50 a.m. · 4 views

WordPress Slider by 10Web plugin < 1.2.56 - Editor+ Stored XSS vulnerability

Editor+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Slider by 10Web versions < 1.2.56...

CVSS 6.1 · AI score 6.1 · EPSS 0.00375
Exploits 1 · References 1 · Affected Software 1
OSV
added 2024/07/11 6:15 a.m. · 4 views

CVE-2024-6026

The Slider by 10Web WordPress plugin before 1.2.56 does not sanitise and escape some of its Slide options, which could allow authenticated users with access to the Sliders by default Administrator, however this can be changed via the Slider by 10Web WordPress plugin before 1.2.56's options and th...

CVSS 5.4 · AI score 5.8 · EPSS 0.00375
Exploits 1 · References 1