60 matches found
CVE-2024-5481
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.8.23 via the esc_dir function. This makes it possible for authenticated attackers to cut and paste (copy) the contents of arbitrary files on the...
WordPress Photo Gallery by 10Web plugin <= 1.8.23 - Authenticated (Contributor+) Path Traversal via esc_dir Function vulnerability
Authenticated (Contributor+) Path Traversal via esc_dir Function vulnerability discovered by Tobias Weißhaar (kun19) in WordPress Plugin Photo Gallery by 10Web versions <= 1.8.23...
WordPress Photo Gallery by 10Web plugin <= 1.8.25 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin Photo Gallery by 10Web versions <= 1.8.25...
WordPress Form Maker by 10Web plugin <= 1.15.24 - Authenticated (Subscriber+) Stored Self-Based Cross-Site Scripting vulnerability
Authenticated (Subscriber+) Stored Self-Based Cross-Site Scripting vulnerability discovered by stealthcopter in WordPress Plugin Form Maker by 10Web versions <= 1.15.24...
WordPress Photo Gallery by 10Web plugin <= 1.8.21 - Authenticated (Admin+) Stored Cross-Site Scripting via SVG vulnerability
Authenticated (Admin+) Stored Cross-Site Scripting via SVG vulnerability discovered by Jobert Krohnen in WordPress Plugin Photo Gallery by 10Web versions <= 1.8.21...
WordPress Plugin SEO by 10Web Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2023-4666
The Form Maker by 10Web WordPress plugin before 1.15.20 does not validate signatures when creating them on the server from user input, allowing unauthenticated users to create arbitrary files and lead to RCE...
WordPress Plugin SEO by 10Web Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2023-19880 · 10Web · 10Web Social Post Feed
Name of the Vulnerable Software and Affected Versions: 10Web Social Post Feed WordPress plugin versions prior to 1.2.9 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because some parameters are not properly sanitised and escaped before being outputted bac...
WordPress plugin Image Optimizer by 10web Path Traversal Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A path traversal vulnerability in the WordPress plugin...
CVE-2022-1564
The Form Maker by 10Web WordPress plugin before 1.14.12 does not sanitize and escape the Custom Text settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...
CVE-2022-1320
The Slider by 10Web WordPress plugin before 1.2.52 does not properly sanitize and escape some of its settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...
CVE-2022-1282
The Photo Gallery by 10Web WordPress plugin before 1.6.3 does not properly sanitize the $_GET['image_url'] variable, which is reflected back to the users when executing the editimage_bwg AJAX action...
CVE-2021-24526
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder WordPress plugin before 1.13.60 does not escape its Form Title before outputting it in an attribute when editing a form in the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue...
CVE-2021-24363
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.75 did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images/SVG anywhere in the filesystem via a path traversal vector...
CVE-2021-24362
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.75 did not ensure that uploaded SVG files added to a gallery do not contain malicious content. As a result, users allowed to add images to gallery can upload an SVG file containing JavaScript code, which will b...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress Plugin is a WordPress open source application plugin. Backup by 10Web WordPress Plugin 1.0.20 and earlier has...
WordPress Slider by 10Web SQL Injection Vulnerability
WordPress Slider by 10Web is an open source application plugin for WordPress. It provides a versatile solution for adding a fast loading, responsive and SEO friendly slider to website pages, posts, theme headers or any other location. Slider by 10Web WordPress plugin versions prior to 1.2.36 suffers...