Lucene search
K

198 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/13 11:41 a.m.3 views

CVE-2026-32330

Cross-Site Request Forgery CSRF vulnerability in 10Web Photo Gallery by 10Web photo-gallery allows Cross Site Request Forgery.This issue affects Photo Gallery by 10Web: from n/a through = 1.8.37...

5.8AI score0.00107EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/13 12:0 a.m.8 views

WordPress plugin Photo Gallery by 10Web 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

4.3CVSS5.7AI score0.00107EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/21 1:31 a.m.7 views

CVE-2026-27360

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 10Web Photo Gallery by 10Web photo-gallery allows Stored XSS.This issue affects Photo Gallery by 10Web: from n/a through = 1.8.38...

5.9CVSS5.9AI score0.00195EPSS
Exploits0References1
NVD
NVD
added 2026/02/19 9:18 p.m.7 views

CVE-2026-27360

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 10Web Photo Gallery by 10Web photo-gallery allows Stored XSS.This issue affects Photo Gallery by 10Web: from n/a through = 1.8.38...

5.9CVSS0.00195EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/19 8:35 p.m.4 views

CVE-2026-27360

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 10Web Photo Gallery by 10Web photo-gallery allows Stored XSS.This issue affects Photo Gallery by 10Web: from n/a through = 1.8.37...

5.5AI score0.00195EPSS
Exploits0References2
CVE
CVE
added 2026/02/19 8:35 p.m.16 views

CVE-2026-27360

The CVE describes an XSS flaw in the WordPress Photo Gallery by 10Web plugin, caused by improper input neutralization during web page generation. Affected component: the Photo Gallery by 10Web plugin (WordPress) with versions

5.9CVSS5.9AI score0.00195EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.9 views

WordPress plugin Photo Gallery by 10Web 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.9CVSS5.6AI score0.00195EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.14 views

PT-2026-20932

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 10Web Photo Gallery by 10Web photo-gallery allows Stored XSS.This issue affects Photo Gallery by 10Web: from n/a through = 1.8.37...

5.5AI score0.00195EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/02/06 7:29 a.m.7 views

WordPress Form Maker by 10Web plugin <= 1.15.35 - Unauthenticated Stored Cross-Site Scripting via Hidden Field vulnerability

Unauthenticated Stored Cross-Site Scripting via Hidden Field vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Form Maker by 10Web versions = 1.15.35...

7.1CVSS5.3AI score0.0032EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/06 7:0 a.m.6 views

WordPress Form Maker by 10Web plugin <= 1.15.35 - Unauthenticated Stored Cross-Site Scripting via SVG file vulnerability

Unauthenticated Stored Cross-Site Scripting via SVG file vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Form Maker by 10Web versions = 1.15.35...

7.2CVSS5.3AI score0.00338EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/02/03 6:38 a.m.22 views

CVE-2026-1058

The vulnerability CVE-2026-1058 affects the WordPress Form Maker plugin by 10Web. A stored XSS exists in all versions up to 1.15.35 due to insufficient escaping of hidden field values in the admin submissions list; html_entity_decode() is applied to user-supplied hidden field values without prope...

7.1CVSS5.6AI score0.0032EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/03 6:38 a.m.3 views

CVE-2026-1058 Form Maker by 10Web <= 1.15.35 - Unauthenticated Stored Cross-Site Scripting via Hidden Field

The Form Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via hidden field values in all versions up to, and including, 1.15.35. This is due to insufficient output escaping when displaying hidden field values in the admin submissions list. The plugin uses htmlentitydecode o...

7.1CVSS5.6AI score0.0032EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/03 6:38 a.m.29 views

CVE-2026-1065 Form Maker by 10Web <= 1.15.35 - Unauthenticated Stored Cross-Site Scripting via SVG file

The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.15.35. This is due to the plugin's default file upload allowlist including SVG files combined with weak substring-based extension validation. This makes it possible fo...

7.2CVSS0.00338EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/02/03 6:38 a.m.2 views

CVE-2026-1065

The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.15.35. This is due to the plugin's default file upload allowlist including SVG files combined with weak substring-based extension validation. This makes it possible fo...

7.2CVSS5.5AI score0.00338EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/02/03 6:38 a.m.3 views

CVE-2026-1065 Form Maker by 10Web <= 1.15.35 - Unauthenticated Stored Cross-Site Scripting via SVG file

The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.15.35. This is due to the plugin's default file upload allowlist including SVG files combined with weak substring-based extension validation. This makes it possible fo...

7.2CVSS5.5AI score0.00338EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.8 views

WordPress plugin Form Maker by 10Web 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

7.2CVSS5.9AI score0.00338EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/01/30 6:24 a.m.6 views

WordPress Photo Gallery by 10Web plugin < 1.8.31 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Photo Gallery by 10Web versions 1.8.31...

4.8CVSS5.9AI score0.00369EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2026/01/21 11:23 p.m.22 views

CVE-2026-1036

CVE-2026-1036 (Photo Gallery by 10Web – WordPress) is confirmed in connected sources as a real vulnerability. The WordPress plugin is vulnerable to unauthorized modification of data via delete_comment(), due to a missing capability check. All versions up to and including 1.8.36 are affected. The ...

5.3CVSS5.7AI score0.00219EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/21 11:23 p.m.26 views

CVE-2026-1036 Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.36 - Missing Authorization to Unauthenticated Arbitrary Comment Deletion

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deletecomment function in all versions up to, and including, 1.8.36. This makes it possible for unauthenticated attackers to...

5.3CVSS0.00219EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/21 11:23 p.m.4 views

CVE-2026-1036 Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.36 - Missing Authorization to Unauthenticated Arbitrary Comment Deletion

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deletecomment function in all versions up to, and including, 1.8.36. This makes it possible for unauthenticated attackers to...

5.3CVSS5.7AI score0.00219EPSS
Exploits0References2
Rows per page
Query Builder