2 matches found
CVE-2023-2224
The SEO by 10Web WordPress plugin before 1.2.7 is vulnerable to Stored XSS due to insufficient sanitisation/escaping of settings. High-privilege users (admin) could exploit this—even when unfiltered_html is disallowed in multisite environments. Affected versions:
CVE-2023-34375
CVE-2023-34375 concerns the WordPress plugin “SEO by 10Web” (versions ≤ 1.2.9). The vulnerability is an unauthenticated reflected Cross‑Site Scripting (XSS) that could be exploited by an attacker without credentials. Public writeups in the connected data confirm the flaw exists in this plugin ver...