Vulnerabilities > 10Web > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-04-18 | CVE-2024-32583 | Unspecified vulnerability in 10Web Photo Gallery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Photo Gallery Team Photo Gallery by 10Web allows Reflected XSS.This issue affects Photo Gallery by 10Web: from n/a through 1.8.21. | 6.1 |
| 2024-04-17 | CVE-2024-32534 | Unspecified vulnerability in 10Web Form Maker Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 10Web Form Builder Team Form Maker by 10Web allows Stored XSS.This issue affects Form Maker by 10Web: from n/a through 1.15.23. | 4.8 |
| 2024-04-06 | CVE-2024-2296 | Unspecified vulnerability in 10Web Photo Gallery The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.8.21 due to insufficient input sanitization and output escaping. | 4.8 |
| 2024-03-26 | CVE-2024-29808 | Unspecified vulnerability in 10Web Photo Gallery The image_id parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. | 5.4 |
| 2024-03-26 | CVE-2024-29809 | Unspecified vulnerability in 10Web Photo Gallery The image_url parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. | 5.4 |
| 2024-03-26 | CVE-2024-29810 | Unspecified vulnerability in 10Web Photo Gallery The thumb_url parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. | 5.4 |
| 2024-03-26 | CVE-2024-29832 | Unspecified vulnerability in 10Web Photo Gallery The current_url parameter of the AJAX call to the GalleryBox action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. | 6.1 |
| 2024-03-26 | CVE-2024-29833 | Unspecified vulnerability in 10Web Photo Gallery The image upload component allows SVG files and the regular expression used to remove script tags can be bypassed by using a Cross Site Scripting payload which does not match the regular expression; one example of this is the inclusion of whitespace within the script tag. | 5.4 |
| 2024-01-27 | CVE-2024-0667 | Cross-Site Request Forgery (CSRF) vulnerability in 10Web Form Maker The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.15.21. | 6.3 |
| 2024-01-11 | CVE-2023-6924 | Cross-site Scripting vulnerability in 10Web Photo Gallery The Photo Gallery by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widgets in versions up to, and including, 1.8.18 due to insufficient input sanitization and output escaping on user supplied attributes. | 4.8 |