Vulnerabilities in 10Web
49 resultsCVE-2023-6985MEDIUM10Web AI Assistant – AI content writing assistant <= 1.0.18 - Missing Authorization to Arbitrary Plugin InstallationEPSS 1.4%CVE-2024-0221CRITICALPhoto Gallery by 10Web - Mobile-Friendly Image Gallery <= 1.8.19 - Directory Traversal to Arbitrary File RenameEPSS 1.3%CVE-2021-24310—Photo Gallery < 1.5.67 - Authenticated Stored Cross-Site Scripting via Gallery TitleEPSS 1.1%CVE-2023-5709HIGHWD WidgetTwitter <= 1.0.9 - Authenticated (Contributor+) SQL Injection via ShortcodeEPSS 0.9%CVE-2024-5481MEDIUMPhoto Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.23 - Authenticated (Contributor+) Path Traversal via esc_dir FunctionEPSS 0.7%CVE-2024-2112MEDIUMForm Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.22 - Sensitive Information ExposureEPSS 0.7%CVE-2024-7150HIGHSlider by 10Web – Responsive Image Slider <= 1.2.57 - Authenticated (Contributor+) SQL Injection via id ParameterEPSS 0.6%CVE-2024-31116HIGHWordPress 10Web Map Builder for Google Maps plugin <= 1.0.74 - SQL Injection vulnerabilityEPSS 0.5%CVE-2024-32578HIGHWordPress Sliderby10Web plugin <= 1.2.54 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.5%CVE-2026-7048MEDIUMPhoto Gallery by 10Web <= 1.8.40 - Authenticated (Contributor+) SQL Injection via 'order_by' Shortcode AttributeEPSS 0.5%CVE-2025-13377CRITICAL10Web Booster <= 2.32.7 - Authenticated (Subscriber+) Arbitrary Folder Deletion via two_clear_page_cacheEPSS 0.5%CVE-2023-6924MEDIUMPhoto Gallery by 10Web <= 1.8.18 - Authenticated (Administrator+) Stored Cross-Site Scripting via WidgetEPSS 0.5%CVE-2024-29832MEDIUMWordPress Photo Gallery Plugin <= 1.8.21 Unauthenticated Reflected Cross Site Scripting in GalleryBox current_urlEPSS 0.4%CVE-2024-2296MEDIUMPhoto Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.21 - Authenticated (Admin+) Stored Cross-Site Scripting via SVGEPSS 0.4%CVE-2024-29833MEDIUMWordPress Photo Gallery Plugin <= 1.8.21 Stored Cross Site Scripting in UploadHandlerEPSS 0.4%CVE-2026-3330MEDIUMForm Maker by 10Web <= 1.15.40 - Authenticated (Administrator+) SQL Injection via 'ip_search' ParameterEPSS 0.4%CVE-2024-9878MEDIUMPhoto Gallery by 10Web <= 1.8.30 - Authenticated (Administrator+) Stored Cross-Site ScriptingEPSS 0.4%CVE-2024-5020MEDIUMMultiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript LibraryEPSS 0.4%CVE-2024-29809MEDIUMWordPress Photo Gallery Plugin <= 1.8.21 Reflected Cross Site Scripting in editimage_bwg image_urlEPSS 0.4%CVE-2024-29810MEDIUMWordPress Photo Gallery Plugin <= 1.8.21 Reflected Cross Site Scripting in editimage_bwg thumb_urlEPSS 0.4%