Vulnerabilities > 10Web
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-02 | CVE-2023-45272 | Missing Authorization vulnerability in 10Web MAP Builder for Google Maps Missing Authorization vulnerability in 10Web 10Web Map Builder for Google Maps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 10Web Map Builder for Google Maps: from n/a through 1.0.73. | 4.3 |
| 2025-01-02 | CVE-2023-47807 | Missing Authorization vulnerability in 10Web 10Webanalytics Missing Authorization vulnerability in 10Web 10WebAnalytics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 10WebAnalytics: from n/a through 1.2.12. | 4.3 |
| 2024-12-13 | CVE-2023-33995 | Missing Authorization vulnerability in 10Web Photo Gallery Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Photo Gallery by 10Web: from n/a through 1.8.15. | 4.3 |
| 2024-11-10 | CVE-2024-10265 | Cross-site Scripting vulnerability in 10Web Form Maker The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.15.30. | 6.1 |
| 2024-11-05 | CVE-2024-9878 | Cross-site Scripting vulnerability in 10Web Photo Gallery The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.30 due to insufficient input sanitization and output escaping. | 4.8 |
| 2024-10-25 | CVE-2024-9628 | Unspecified vulnerability in 10Web WPS Telegram Chat The WPS Telegram Chat plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'Wps_Telegram_Chat_Admin::check?onnection' function in versions up to, and including, 4.5.4. | 6.5 |
| 2024-10-25 | CVE-2024-9630 | Missing Authorization vulnerability in 10Web WPS Telegram Chat The WPS Telegram Chat plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when accessing messages in versions up to, and including, 4.5.4. | 5.3 |
| 2024-10-25 | CVE-2024-9607 | Cross-site Scripting vulnerability in 10Web Social Post Feed The 10Web Social Post Feed plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.9. | 6.1 |
| 2024-10-06 | CVE-2024-44043 | Cross-site Scripting vulnerability in 10Web Photo Gallery Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in 10Web Photo Gallery by 10Web allows Stored XSS.This issue affects Photo Gallery by 10Web: from n/a through 1.8.27. | 4.8 |
| 2024-09-30 | CVE-2024-8283 | Cross-site Scripting vulnerability in 10Web Slider The Slider by 10Web WordPress plugin before 1.2.59 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |