CVE-2025-48341 – 10Web Form Maker Stored Cross-site Scripting

May 19, 2025

CVE ID : CVE-2025-48341

Published : May 19, 2025, 3:15 p.m. | 1 hour, 13 minutes ago

Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in 10Web Form Maker by 10Web allows Stored XSS. This issue affects Form Maker by 10Web: from n/a through 1.15.33.

Severity: 5.9 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-48342 – RedefiningTheWeb Dynamic Pricing & Discounts Lite for WooCommerce CSRF Vulnerability

Next Article CVE-2025-48288 – Element Invader Elementor Stored Cross-Site Scripting

Highlights

CVE-2024-13914 – “WordPress File Manager Advanced Shortcode Local File Inclusion Vulnerability”

May 15, 2025

CVE ID : CVE-2024-13914

Published : May 15, 2025, 6:15 a.m. | 2 hours, 31 minutes ago

Description : The File Manager Advanced Shortcode WordPress plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.4 (file-manager-advanced-shortcode) and 2.5.6 (advanced-file-manager-pro-premium), via the ‘file_manager_advanced’ shortcode. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary JavaScript files on the server. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. Sites currently using 2.5.4 (file-manager-advanced-shortcode) should be updated to 2.6.0 (advanced-file-manager-pro-premium).

Severity: 7.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

Computex

DOOM: The Dark Ages gets Path Tracing update in June, bringing better visuals for PC players

Early Memorial Day deals are LIVE on Windows PCs, gaming accessories, and more — 6 hand-picked discounts on our favorites

Microsoft open sources the Windows Subsystem for Linux — invites developers to help more seamlessly integrate Linux with Windows

How JavaScript’s at() method makes array indexing easier

How JavaScript’s at() method makes array indexing easier

Motherhood and Career Balance in Tech: Stories from Perficient LATAM

ES6: Set Vs Array- What and When?

Computex

Computex

DOOM: The Dark Ages gets Path Tracing update in June, bringing better visuals for PC players

Early Memorial Day deals are LIVE on Windows PCs, gaming accessories, and more — 6 hand-picked discounts on our favorites

CVE-2025-48341 – 10Web Form Maker Stored Cross-site Scripting

SonicWall Patches 3 Flaws in SMA 100 Devices Allowing Attackers to Run Code as Root

Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell

DataStax releases a number of updates to better facilitate RAG implementation

Can’t switch control on elements of a chatbot using selenium in python

Telecom Namibia Hit by Massive Cyberattack: Over 400,000 Files Leaked

Top 25 AI Tools for Organizing Notes in 2025

CVE-2024-13914 – “WordPress File Manager Advanced Shortcode Local File Inclusion Vulnerability”

How to install Apple’s iOS 18.2 public beta – and what you’ll find inside

Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution

Even Great Companies Get Breached — Find Out Why and How to Stop It

CVE-2025-48341 – 10Web Form Maker Stored Cross-site Scripting

Related Posts