Lucene search
+L

198 matches found

Patchstack
Patchstack
added 2024/04/29 10:40 a.m.6 views

WordPress Form Maker by 10Web plugin <= 1.15.24 - Authenticated (Subscriber+) Stored Self-Based Cross-Site Scripting vulnerability

Authenticated Subscriber+ Stored Self-Based Cross-Site Scripting vulnerability discovered by stealthcopter in WordPress Plugin Form Maker by 10Web versions = 1.15.24...

5.4CVSS6.1AI score0.00355EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/04/27 12:0 a.m.4 views

WordPress plugin Form Maker by 10Web 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability exists in...

5.4CVSS6.7AI score0.00355EPSS
Exploits0References3
OSV
OSV
added 2024/04/18 10:15 a.m.6 views

CVE-2024-32583

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Photo Gallery Team Photo Gallery by 10Web allows Reflected XSS.This issue affects Photo Gallery by 10Web: from n/a through 1.8.21...

6.1CVSS5.8AI score0.00345EPSS
Exploits0References1
OSV
OSV
added 2024/04/18 10:15 a.m.3 views

CVE-2024-32578

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 10Web Slider by 10Web allows Reflected XSS.This issue affects Slider by 10Web: from n/a through 1.2.54...

6.1CVSS5.8AI score0.00522EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/04/18 12:0 a.m.5 views

WordPress Plugin Slider by 10Web 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

7.1CVSS6AI score0.00522EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/04/18 12:0 a.m.7 views

PT-2024-24699 · 10Web · 10Web Slider

Name of the Vulnerable Software and Affected Versions: 10Web Slider by 10Web versions 1.2.54 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS. Recommendations: For versio...

7.1CVSS6.5AI score0.00522EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/04/18 12:0 a.m.6 views

PT-2024-24705 · 10Web · Photo Gallery

Name of the Vulnerable Software and Affected Versions: Photo Gallery by 10Web versions 1.8.21 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS. Recommendations: For...

7.1CVSS6.8AI score0.00345EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/04/18 12:0 a.m.4 views

WordPress Plugin Photo Gallery by 10Web 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...

7.1CVSS6.1AI score0.00345EPSS
Exploits0References2
OSV
OSV
added 2024/04/17 9:15 a.m.6 views

CVE-2024-32534

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 10Web Form Builder Team Form Maker by 10Web allows Stored XSS.This issue affects Form Maker by 10Web: from n/a through 1.15.23...

4.8CVSS5.8AI score0.00335EPSS
Exploits0References1
OSV
OSV
added 2024/04/09 7:15 p.m.4 views

CVE-2024-2112

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.15.22 via the signature functionality. This makes it possible for unauthenticated attackers to extract sensitive...

7.5CVSS7.3AI score0.00699EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/04/08 5:20 a.m.9 views

WordPress Photo Gallery by 10Web plugin <= 1.8.21 - Authenticated (Admin+) Stored Cross-Site Scripting via SVG vulnerability

Authenticated Admin+ Stored Cross-Site Scripting via SVG vulnerability discovered by Jobert Krohnen in WordPress Plugin Photo Gallery by 10Web versions = 1.8.21...

5.5CVSS5.8AI score0.00436EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/02/05 12:0 a.m.9 views

PT-2024-15159 · 10Web · 10Web Ai Assistant

Name of the Vulnerable Software and Affected Versions: 10Web AI Assistant versions up to, and including, 1.0.18 Description: The issue allows authenticated attackers with subscriber-level access and above to install arbitrary plugins, potentially gaining further access to a compromised site. This...

8.8CVSS8.7AI score0.01365EPSS
Exploits1References6
CNNVD
CNNVD
added 2024/02/05 12:0 a.m.5 views

WordPress plugin Photo Gallery by 10Web security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

9.1CVSS6.8AI score0.01312EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/01/27 12:0 a.m.5 views

WordPress plugin Form Maker by 10Web Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

6.3CVSS6.6AI score0.00229EPSS
Exploits0References4
OSV
OSV
added 2023/11/27 5:15 p.m.3 views

CVE-2023-5559

The 10Web Booster WordPress plugin before 2.24.18 does not validate the option name given to some AJAX actions, allowing unauthenticated users to delete arbitrary options from the database, leading to denial of service...

9.1CVSS5.9AI score0.02811EPSS
Exploits2References1
CNNVD
CNNVD
added 2023/11/27 12:0 a.m.4 views

WordPress plugin 10Web Booster security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability in the WordPress...

9.1CVSS6.7AI score0.02811EPSS
Exploits2References1
OSV
OSV
added 2023/11/16 8:15 p.m.9 views

CVE-2023-34375

Unauth. Reflected Cross-Site Scripting XSS vulnerability in 10Web SEO by 10Web plugin = 1.2.9 versions...

6.1CVSS7.3AI score0.00403EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/11/16 12:0 a.m.6 views

WordPress Plugin SEO by 10Web Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

7.1CVSS6.5AI score0.00403EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2023/11/01 12:0 a.m.12 views

The vulnerability of the SEO plugin developed by 10Web, a content management system for WordPress, allows attackers to perform cross-site scripting attacks.

The vulnerability of the SEO plugin of the 10Web content management system for WordPress is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks...

6.4CVSS6.3AI score0.00909EPSS
Exploits3References3Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2023/10/29 12:0 a.m.5 views

VulnCheck KEV: CVE-2023-5559

The 10Web Booster WordPress plugin before 2.24.18 does not validate the option name given to some AJAX actions, allowing unauthenticated users to delete arbitrary options from the database, leading to denial of service...

9.1CVSS7.4AI score0.02811EPSS
Exploits2References1
Rows per page
Query Builder