198 matches found
CVE-2024-43220
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in 10Web Form Builder Team Form Maker by 10Web allows Reflected XSS.This issue affects Form Maker by 10Web: from n/a through 1.15.26...
CVE-2024-43220
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in 10Web Form Builder Team Form Maker by 10Web allows Reflected XSS.This issue affects Form Maker by 10Web: from n/a through 1.15.26...
PT-2024-30384 · 10Web · Form Maker
Name of the Vulnerable Software and Affected Versions: Form Maker by 10Web versions 1.15.26 and earlier Description: This issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. It allows Reflected XSS, which can be exploited by...
WordPress Form Maker by 10Web plugin <= 1.15.26 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Le Ngoc Anh Patchstack Alliance in WordPress Plugin Form Maker by 10Web versions = 1.15.26...
WordPress Slider by 10Web plugin <= 1.2.57 - Authenticated (Contributor+) SQL Injection via id Parameter vulnerability
Authenticated Contributor+ SQL Injection via id Parameter vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Slider by 10Web versions = 1.2.57...
WordPress plugin Slider by 10Web – Responsive Image Slider 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2024-38112 · 10Web · The Slider By 10Web
Name of the Vulnerable Software and Affected Versions: The Slider by 10Web – Responsive Image Slider plugin for WordPress versions up to, and including, 1.2.57 Description: The issue is related to time-based SQL Injection via the id parameter due to insufficient escaping on the user-supplied...
CVE-2024-6408
The Slider by 10Web WordPress plugin before 1.2.57 does not sanitise and escape its Slider Title, which could allow high privilege users such as editors and above to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...
WordPress Slider by 10Web plugin < 1.2.56 - Editor+ Stored XSS vulnerability
Editor+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Slider by 10Web versions 1.2.56...
CVE-2024-6026
The Slider by 10Web WordPress plugin before 1.2.56 does not sanitise and escape some of its Slide options, which could allow authenticated users with access to the Sliders by default Administrator, however this can be changed via the Slider by 10Web WordPress plugin before 1.2.56's options and th...
WordPress plugin Slider by 10Web Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...
CVE-2024-35628
Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web.This issue affects Photo Gallery by 10Web: from n/a through 1.8.25...
CVE-2024-5426
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘svg’ parameter in all versions up to, and including, 1.8.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2024-5481
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.8.23 via the escdir function. This makes it possible for authenticated attackers to cut and paste copy the contents of arbitrary files on the...
CVE-2024-5481
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.8.23 via the escdir function. This makes it possible for authenticated attackers to cut and paste copy the contents of arbitrary files on the...
WordPress Photo Gallery by 10Web plugin <= 1.8.23 - Authenticated (Contributor+) Path Traversal via esc_dir Function vulnerability
Authenticated Contributor+ Path Traversal via escdir Function vulnerability discovered by Tobias Weißhaar kun19 in WordPress Plugin Photo Gallery by 10Web versions = 1.8.23...
WordPress Photo Gallery by 10Web plugin <= 1.8.25 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin Photo Gallery by 10Web versions = 1.8.25...
CVE-2024-34437
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 10Web Form Builder Team Form Maker by 10Web allows Stored XSS.This issue affects Form Maker by 10Web: from n/a through 1.15.24...
WordPress plugin Form Maker by 10Web 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
CVE-2024-33586
Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web.This issue affects Photo Gallery by 10Web: from n/a through 1.8.20...