56 matches found
CVE-2018-25346 WordPress Form Maker Plugin 1.12.24 SQL Injection via admin-ajax.php
WordPress Form Maker Plugin 1.12.24 and below contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through the FormMakerSQLMapping and generetecsv actions. Attackers can submit POST requests with malicious SQL payloads in t...
CVE-2018-25346
WordPress Form Maker Plugin ≤ 1.12.24 contains SQL injection via admin-ajax.php (FormMakerSQLMapping, generete_csv). Authenticated attackers can send POST payloads in name/search_labels to manipulate queries, potentially extracting/modifying data or escalating privileges in the WordPress database...
CVE-2018-25346
WordPress Form Maker Plugin 1.12.24 and below contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through the FormMakerSQLMapping and generetecsv actions. Attackers can submit POST requests with malicious SQL payloads in t...
CVE-2018-25346 WordPress Form Maker Plugin 1.12.24 SQL Injection via admin-ajax.php
WordPress Form Maker Plugin 1.12.24 and below contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through the FormMakerSQLMapping and generetecsv actions. Attackers can submit POST requests with malicious SQL payloads in t...
WordPress plugin Form Maker SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
CVE-2026-4388
The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Matrix field Text Box input type in form submissions in all versions up to, and including, 1.15.40. This is due to insufficient input sanitization sanitizetextfield strips tags but not quotes and...
CVE-2025-15441
The Form Maker by 10Web WordPress plugin before 1.15.38 does not properly prepare SQL queries when the "MySQL Mapping" feature is in use, which could make SQL Injection attacks possible in certain contexts...
CVE-2026-1065
The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.15.35. This is due to the plugin's default file upload allowlist including SVG files combined with weak substring-based extension validation. This makes it possible fo...
CVE-2026-1058
The Form Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via hidden field values in all versions up to, and including, 1.15.35. This is due to insufficient output escaping when displaying hidden field values in the admin submissions list. The plugin uses htmlentitydecode o...
CVE-2026-1058
The Form Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via hidden field values in all versions up to, and including, 1.15.35. This is due to insufficient output escaping when displaying hidden field values in the admin submissions list. The plugin uses htmlentitydecode o...
CVE-2026-1065
The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.15.35. This is due to the plugin's default file upload allowlist including SVG files combined with weak substring-based extension validation. This makes it possible fo...
EUVD-2026-5290
The Form Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via hidden field values in all versions up to, and including, 1.15.35. This is due to insufficient output escaping when displaying hidden field values in the admin submissions list. The plugin uses htmlentitydecode o...
PT-2026-6028
Name of the Vulnerable Software and Affected Versions Form Maker plugin for WordPress versions prior to 1.15.36 Description The Form Maker plugin for WordPress is susceptible to Stored Cross-Site Scripting through hidden field values. Insufficient output escaping when displaying these values in t...
CVE-2024-2258
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name autofilled into forms in all versions up to, and including, 1.15.24 due to insufficient input sanitization and output escaping. Th...
EUVD-2025-4371
Malicious code in bioql PyPI...
EUVD-2022-42691
Malicious code in bioql PyPI...
EUVD-2024-27076
Malicious code in bioql PyPI...
CVE-2024-0667
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.15.21. This is due to missing or incorrect nonce validation on the 'execute' function. This makes it possible for...
CVE-2024-6130
The Form Maker by 10Web WordPress plugin before 1.15.26 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-8633
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.15.27 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...