CVE-2024-10560
The Form Maker by 10Web WordPress plugin before 1.15.30 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2024-13605 Form Maker by 10Web < 1.15.33 - Admin+ Stored XSS
The Form Maker by 10Web WordPress plugin before 1.15.33 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2022-3300
CVE-2022-3300 affects the WordPress plugin “Form Maker by 10Web” prior to version 1.15.6. The root cause is improper sanitization/escaping of a parameter before it is used in a SQL statement, resulting in a SQL injection. Impact is described as exploitable by high-privilege users such as admins, ...
Cross site scripting
The Photo Gallery by 10Web WordPress plugin before 1.6.4 does not properly validate and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed...