Vulnerabilities > 10Web

DATE CVE VULNERABILITY TITLE RISK
2023-07-12 CVE-2020-36756 Unspecified vulnerability in 10Web 10Webanalytics
The 10WebAnalytics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.8.
network
low complexity
10web
4.3
2023-06-07 CVE-2021-46889 Cross-site Scripting vulnerability in 10Web Photo Gallery
The 10Web Photo Gallery plugin through 1.5.69 for WordPress allows XSS via theme_id for bwg_frontend_data.
network
low complexity
10web CWE-79
6.1
2023-06-05 CVE-2023-2224 Cross-site Scripting vulnerability in 10Web SEO
The SEO by 10Web WordPress plugin before 1.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
network
low complexity
10web CWE-79
4.8
2023-06-05 CVE-2023-2503 Unspecified vulnerability in 10Web Social Post Feed
The 10Web Social Post Feed WordPress plugin before 1.2.9 does not sanitise and escape some parameter before outputting it back in a page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
network
low complexity
10web
6.1
2023-05-30 CVE-2023-2117 Unspecified vulnerability in 10Web Image Optimizer
The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitize the dir parameter when handling the get_subdirs ajax action, allowing a high privileged users such as admins to inspect names of files and directories outside of the sites root.
network
low complexity
10web
2.7
2023-04-17 CVE-2023-1427 Unspecified vulnerability in 10Web Photo Gallery
- The Photo Gallery by 10Web WordPress plugin before 1.8.15 did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images anywhere in the filesystem via a path traversal vector.
network
low complexity
10web
4.9
2023-03-13 CVE-2023-0037 Unspecified vulnerability in 10Web MAP Builder for Google Maps
The 10Web Map Builder for Google Maps WordPress plugin before 1.0.73 does not properly sanitise and escape some parameters before using them in an SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection
network
low complexity
10web
critical
9.8
2023-01-23 CVE-2022-4758 Unspecified vulnerability in 10Web MAP Builder for Google Maps
The 10WebMapBuilder WordPress plugin before 1.0.72 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
network
low complexity
10web
5.4
2022-12-26 CVE-2022-4197 Unspecified vulnerability in 10Web Slider
The Sliderby10Web WordPress plugin before 1.2.53 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
network
low complexity
10web
4.8
2022-12-19 CVE-2022-4058 Unspecified vulnerability in 10Web Photo Gallery
The Photo Gallery by 10Web WordPress plugin before 1.8.3 does not validate and escape some parameters before outputting them back in in JS code later on in another page, which could lead to Stored XSS issue when an attacker makes a logged in admin open a malicious URL or page under their control.
network
low complexity
10web
5.4