Vulnerabilities > 10Web

DATE CVE VULNERABILITY TITLE RISK
2023-01-23 CVE-2022-4758 Unspecified vulnerability in 10Web MAP Builder for Google Maps
The 10WebMapBuilder WordPress plugin before 1.0.72 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
network
low complexity
10web
5.4
2022-12-26 CVE-2022-4197 Unspecified vulnerability in 10Web Slider
The Sliderby10Web WordPress plugin before 1.2.53 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
network
low complexity
10web
4.8
2022-12-19 CVE-2022-4058 Unspecified vulnerability in 10Web Photo Gallery
The Photo Gallery by 10Web WordPress plugin before 1.8.3 does not validate and escape some parameters before outputting them back in in JS code later on in another page, which could lead to Stored XSS issue when an attacker makes a logged in admin open a malicious URL or page under their control.
network
low complexity
10web
5.4
2022-10-25 CVE-2022-3300 SQL Injection vulnerability in 10Web Form Maker
The Form Maker by 10Web WordPress plugin before 1.15.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin
network
low complexity
10web CWE-89
7.2
2022-06-08 CVE-2022-1394 Cross-site Scripting vulnerability in 10Web Photo Gallery
The Photo Gallery by 10Web WordPress plugin before 1.6.4 does not properly validate and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed
network
10web CWE-79
3.5
2022-05-30 CVE-2022-1564 Cross-site Scripting vulnerability in 10Web Form Maker
The Form Maker by 10Web WordPress plugin before 1.14.12 does not sanitize and escape the Custom Text settings, which could allow high privilege user such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
network
10web CWE-79
3.5
2022-05-23 CVE-2022-1320 Cross-site Scripting vulnerability in 10Web Sliderby10Web
The Sliderby10Web WordPress plugin before 1.2.52 does not properly sanitize and escape some of its settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
network
10web CWE-79
3.5
2022-05-02 CVE-2022-1281 SQL Injection vulnerability in 10Web Photo Gallery
The Photo Gallery WordPress plugin through 1.6.3 does not properly escape the $_POST['filter_tag'] parameter, which is appended to an SQL query, making SQL Injection attacks possible.
network
low complexity
10web CWE-89
7.5
2022-05-02 CVE-2022-1282 Cross-site Scripting vulnerability in 10Web Photo Gallery
The Photo Gallery by 10Web WordPress plugin before 1.6.3 does not properly sanitize the $_GET['image_url'] variable, which is reflected back to the users when executing the editimage_bwg AJAX action.
network
10web CWE-79
4.3
2022-03-14 CVE-2022-0169 SQL Injection vulnerability in 10Web Photo Gallery
The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the bwg_tag_id_bwg_thumbnails_0 parameter before using it in a SQL statement via the bwg_frontend_data AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL injection
network
low complexity
10web CWE-89
7.5