Lucene search
K

198 matches found

ATTACKERKB
ATTACKERKB
added 2024/08/12 10:15 p.m.5 views

CVE-2024-43220

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in 10Web Form Builder Team Form Maker by 10Web allows Reflected XSS.This issue affects Form Maker by 10Web: from n/a through 1.15.26...

7.1CVSS5.2AI score0.0029EPSS
Exploits0References2
OSV
OSV
added 2024/08/12 10:15 p.m.3 views

CVE-2024-43220

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in 10Web Form Builder Team Form Maker by 10Web allows Reflected XSS.This issue affects Form Maker by 10Web: from n/a through 1.15.26...

6.1CVSS5.8AI score0.0029EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/08/12 12:0 a.m.4 views

PT-2024-30384 · 10Web · Form Maker

Name of the Vulnerable Software and Affected Versions: Form Maker by 10Web versions 1.15.26 and earlier Description: This issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. It allows Reflected XSS, which can be exploited by...

7.1CVSS6.4AI score0.0029EPSS
Exploits0References5
Patchstack
Patchstack
added 2024/08/09 12:0 p.m.4 views

WordPress Form Maker by 10Web plugin <= 1.15.26 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Le Ngoc Anh Patchstack Alliance in WordPress Plugin Form Maker by 10Web versions = 1.15.26...

7.1CVSS6.1AI score0.0029EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/08/08 2:33 a.m.3 views

WordPress Slider by 10Web plugin <= 1.2.57 - Authenticated (Contributor+) SQL Injection via id Parameter vulnerability

Authenticated Contributor+ SQL Injection via id Parameter vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Slider by 10Web versions = 1.2.57...

8.8CVSS8.1AI score0.00568EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/08/08 12:0 a.m.5 views

WordPress plugin Slider by 10Web – Responsive Image Slider 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

8.8CVSS6.8AI score0.00568EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/08/08 12:0 a.m.5 views

PT-2024-38112 · 10Web · The Slider By 10Web

Name of the Vulnerable Software and Affected Versions: The Slider by 10Web – Responsive Image Slider plugin for WordPress versions up to, and including, 1.2.57 Description: The issue is related to time-based SQL Injection via the id parameter due to insufficient escaping on the user-supplied...

8.8CVSS7.3AI score0.00568EPSS
Exploits0References9
OSV
OSV
added 2024/07/31 6:15 a.m.3 views

CVE-2024-6408

The Slider by 10Web WordPress plugin before 1.2.57 does not sanitise and escape its Slider Title, which could allow high privilege users such as editors and above to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

5.4CVSS5.8AI score0.00369EPSS
Exploits1References1
Patchstack
Patchstack
added 2024/07/11 9:50 a.m.4 views

WordPress Slider by 10Web plugin < 1.2.56 - Editor+ Stored XSS vulnerability

Editor+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Slider by 10Web versions 1.2.56...

6.1CVSS6.1AI score0.00375EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2024/07/11 6:15 a.m.5 views

CVE-2024-6026

The Slider by 10Web WordPress plugin before 1.2.56 does not sanitise and escape some of its Slide options, which could allow authenticated users with access to the Sliders by default Administrator, however this can be changed via the Slider by 10Web WordPress plugin before 1.2.56's options and th...

5.4CVSS5.8AI score0.00375EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/07/11 12:0 a.m.2 views

WordPress plugin Slider by 10Web Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

6.1CVSS6.8AI score0.00375EPSS
Exploits1References2
OSV
OSV
added 2024/06/11 3:16 p.m.4 views

CVE-2024-35628

Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web.This issue affects Photo Gallery by 10Web: from n/a through 1.8.25...

4.3CVSS5.8AI score0.00346EPSS
Exploits0References1
OSV
OSV
added 2024/06/07 10:15 a.m.6 views

CVE-2024-5426

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘svg’ parameter in all versions up to, and including, 1.8.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

5.4CVSS5.9AI score0.00314EPSS
Exploits0References4
OSV
OSV
added 2024/06/07 10:15 a.m.5 views

CVE-2024-5481

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.8.23 via the escdir function. This makes it possible for authenticated attackers to cut and paste copy the contents of arbitrary files on the...

8.8CVSS5.9AI score0.00727EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2024/06/07 10:15 a.m.5 views

CVE-2024-5481

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.8.23 via the escdir function. This makes it possible for authenticated attackers to cut and paste copy the contents of arbitrary files on the...

8.8CVSS6AI score0.00727EPSS
Exploits0References7
Patchstack
Patchstack
added 2024/06/07 2:16 a.m.7 views

WordPress Photo Gallery by 10Web plugin <= 1.8.23 - Authenticated (Contributor+) Path Traversal via esc_dir Function vulnerability

Authenticated Contributor+ Path Traversal via escdir Function vulnerability discovered by Tobias Weißhaar kun19 in WordPress Plugin Photo Gallery by 10Web versions = 1.8.23...

8.8CVSS7AI score0.00727EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/05/27 8:45 a.m.4 views

WordPress Photo Gallery by 10Web plugin <= 1.8.25 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin Photo Gallery by 10Web versions = 1.8.25...

4.3CVSS7AI score0.00346EPSS
Exploits0Affected Software1
OSV
OSV
added 2024/05/14 3:39 p.m.4 views

CVE-2024-34437

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 10Web Form Builder Team Form Maker by 10Web allows Stored XSS.This issue affects Form Maker by 10Web: from n/a through 1.15.24...

4.8CVSS5.8AI score0.00447EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.4 views

WordPress plugin Form Maker by 10Web 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.9CVSS6AI score0.00447EPSS
Exploits0References3
OSV
OSV
added 2024/04/29 1:15 p.m.3 views

CVE-2024-33586

Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web.This issue affects Photo Gallery by 10Web: from n/a through 1.8.20...

5.3CVSS5.8AI score0.00372EPSS
Exploits0References1
Rows per page
Query Builder