Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

10web — Vulnerabilities & Security Advisories 41

Browse all 41 CVE security advisories affecting 10web. AI-powered Chinese analysis, POCs, and references for each vulnerability.

10Web operates as an automated WordPress hosting and management platform, primarily serving small to medium-sized businesses seeking simplified site deployment and maintenance. Security audits have identified forty-one Common Vulnerabilities and Exposures (CVEs) associated with its infrastructure and software components. Historically, these flaws predominantly involve remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from outdated dependencies or misconfigured server environments. While no single catastrophic data breach has been publicly attributed directly to 10Web’s core platform, the high volume of CVEs indicates persistent challenges in patch management and code review processes. The organization generally responds to disclosures by releasing updates, yet the accumulation of unresolved or legacy issues suggests a reactive rather than proactive security posture. Users relying on this service must remain vigilant regarding plugin compatibility and server configuration to mitigate risks associated with these documented weaknesses.

Top products by 10web: Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder Photo Gallery by 10Web – Mobile-Friendly Image Gallery PhotoGallery 10Web Map Builder for Google Maps Photo Gallery by 10Web 10WebAnalytics SEO by 10Web WDContactFormBuilder WD WidgetTwitter 10Web AI Assistant – AI content writing assistant Slider by 10Web Slider by 10Web – Responsive Image Slider 10Web Social Post Feed Form Maker by 10Web 10Web Booster – Website speed optimization, Cache & Page Speed optimizer
CVE IDTitleCVSSSeverityPublished
CVE-2024-29808 WordPress Photo Gallery Plugin <= 1.8.21 Reflected Cross Site Scripting in editimage_bwg image_id — PhotoGalleryCWE-79 5.4 Medium2024-03-26
CVE-2024-29832 WordPress Photo Gallery Plugin <= 1.8.21 Unauthenticated Reflected Cross Site Scripting in GalleryBox current_url — PhotoGalleryCWE-79 6.1 Medium2024-03-26
CVE-2024-0221 Photo Gallery by 10Web - Mobile-Friendly Image Gallery <= 1.8.19 - Directory Traversal to Arbitrary File Rename — Photo Gallery by 10Web – Mobile-Friendly Image GalleryCWE-22 9.1 Critical2024-02-05
CVE-2023-6985 10Web AI Assistant – AI content writing assistant <= 1.0.18 - Missing Authorization to Arbitrary Plugin Installation — 10Web AI Assistant – AI content writing assistantCWE-862 6.5 Medium2024-02-05
CVE-2024-0667 Form-Maker (twb_form-maker) <= 1.15.21 - Cross-Site Request Forgery to Limited Code Execution via Execute — Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form BuilderCWE-1078 5.4 Medium2024-01-27
CVE-2023-6924 Photo Gallery by 10Web <= 1.8.18 - Authenticated (Administrator+) Stored Cross-Site Scripting via Widget — Photo Gallery by 10Web – Mobile-Friendly Image GalleryCWE-79 4.4 Medium2024-01-11
CVE-2023-5048 WDContactFormBuilder <= 1.0.72 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — WDContactFormBuilderCWE-79 6.4 Medium2023-11-22
CVE-2023-34375 WordPress Seo By 10Web Plugin <= 1.2.9 is vulnerable to Cross Site Scripting (XSS) — SEO by 10WebCWE-79 7.1 High2023-11-16
CVE-2023-5709 WD WidgetTwitter <= 1.0.9 - Authenticated (Contributor+) SQL Injection via Shortcode — WD WidgetTwitterCWE-89 8.8 High2023-11-07
CVE-2020-36756 10WebAnalytics <= 1.2.8 - Cross-Site Request Forgery Bypass — 10WebAnalyticsCWE-352 4.3 Medium2023-07-12
CVE-2021-24310 Photo Gallery < 1.5.67 - Authenticated Stored Cross-Site Scripting via Gallery Title — Photo Gallery by 10Web – Mobile-Friendly Image GalleryCWE-79 4.8 -2021-06-01

This page lists every published CVE security advisory associated with 10web. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.