Lucene search
K

407 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.8 views

CVE-2026-3330

The Form Maker by 10Web plugin for WordPress is vulnerable to SQL Injection via the 'ipsearch', 'startdate', 'enddate', 'usernamesearch', and 'useremailsearch' parameters in all versions up to, and including, 1.15.40. This is due to the WDWFMLibrary::validatedata method calling stripslashes on us...

4.9CVSS5.7AI score0.00428EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.8 views

CVE-2026-4388

The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Matrix field Text Box input type in form submissions in all versions up to, and including, 1.15.40. This is due to insufficient input sanitization sanitizetextfield strips tags but not quotes and...

7.2CVSS5.6AI score0.00241EPSS
Exploits0References1
NVD
NVD
added 2026/05/23 7:16 p.m.16 views

CVE-2018-25346

WordPress Form Maker Plugin 1.12.24 and below contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through the FormMakerSQLMapping and generetecsv actions. Attackers can submit POST requests with malicious SQL payloads in t...

7.1CVSS0.00197EPSS
Exploits0References2
NVD
NVD
added 2026/05/23 7:16 p.m.13 views

CVE-2018-25347

WordPress Contact Form Maker Plugin 1.12.20 contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through the FormMakerSQLMapping and generetecsvfmc AJAX actions. Attackers can inject malicious SQL code via the 'name' and 'searchlabels' parameter...

7.1CVSS0.00214EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/23 6:30 p.m.16 views

CVE-2018-25347 WordPress Contact Form Maker Plugin 1.12.20 SQL Injection

WordPress Contact Form Maker Plugin 1.12.20 contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through the FormMakerSQLMapping and generetecsvfmc AJAX actions. Attackers can inject malicious SQL code via the 'name' and 'searchlabels' parameter...

7.1CVSS0.00214EPSS
Exploits0References3
CVE
CVE
added 2026/05/23 6:30 p.m.24 views

CVE-2018-25347

The vulnerability affects WordPress WordPress Contact Form Maker Plugin 1.12.20. It exposes SQL injection in the FormMakerSQLMapping and generete_csv_fmc AJAX actions, allowing an authenticated attacker to manipulate database queries via the name and search_labels parameters to potentially extrac...

7.1CVSS5.9AI score0.00214EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/23 6:30 p.m.8 views

CVE-2018-25346

WordPress Form Maker Plugin 1.12.24 and below contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through the FormMakerSQLMapping and generetecsv actions. Attackers can submit POST requests with malicious SQL payloads in t...

7.1CVSS5.9AI score0.00197EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/23 6:30 p.m.10 views

CVE-2018-25347 WordPress Contact Form Maker Plugin 1.12.20 SQL Injection

WordPress Contact Form Maker Plugin 1.12.20 contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through the FormMakerSQLMapping and generetecsvfmc AJAX actions. Attackers can inject malicious SQL code via the 'name' and 'searchlabels' parameter...

7.1CVSS5.9AI score0.00214EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/23 6:30 p.m.15 views

CVE-2018-25346 WordPress Form Maker Plugin 1.12.24 SQL Injection via admin-ajax.php

WordPress Form Maker Plugin 1.12.24 and below contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through the FormMakerSQLMapping and generetecsv actions. Attackers can submit POST requests with malicious SQL payloads in t...

7.1CVSS0.00197EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/23 6:30 p.m.13 views

EUVD-2018-21871

WordPress Contact Form Maker Plugin 1.12.20 contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through the FormMakerSQLMapping and generetecsvfmc AJAX actions. Attackers can inject malicious SQL code via the 'name' and 'searchlabels' parameter...

7.1CVSS5.9AI score0.00214EPSS
Exploits0References3
CVE
CVE
added 2026/05/23 6:30 p.m.39 views

CVE-2018-25346

WordPress Form Maker Plugin ≤ 1.12.24 contains SQL injection via admin-ajax.php (FormMakerSQLMapping, generete_csv). Authenticated attackers can send POST payloads in name/search_labels to manipulate queries, potentially extracting/modifying data or escalating privileges in the WordPress database...

7.1CVSS5.9AI score0.00197EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/23 6:30 p.m.8 views

CVE-2018-25347

WordPress Contact Form Maker Plugin 1.12.20 contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through the FormMakerSQLMapping and generetecsvfmc AJAX actions. Attackers can inject malicious SQL code via the 'name' and 'searchlabels' parameter...

7.1CVSS5.9AI score0.00214EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/23 6:30 p.m.12 views

EUVD-2018-21866

WordPress Form Maker Plugin 1.12.24 and below contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through the FormMakerSQLMapping and generetecsv actions. Attackers can submit POST requests with malicious SQL payloads in t...

7.1CVSS5.9AI score0.00197EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/23 6:30 p.m.9 views

CVE-2018-25346 WordPress Form Maker Plugin 1.12.24 SQL Injection via admin-ajax.php

WordPress Form Maker Plugin 1.12.24 and below contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through the FormMakerSQLMapping and generetecsv actions. Attackers can submit POST requests with malicious SQL payloads in t...

7.1CVSS5.9AI score0.00197EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.9 views

WordPress plugin Form Maker SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

7.1CVSS6AI score0.00197EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.12 views

WordPress plugin Contact Form Maker SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.1CVSS5.9AI score0.00214EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/06 2:21 p.m.10 views

CVE-2026-3359

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to SQL Injection via the 'inputs' parameter in versions up to, and including, 1.15.42 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

7.5CVSS5.9AI score0.00358EPSS
Exploits1References1
Patchstack
Patchstack
added 2026/05/05 4:19 p.m.7 views

WordPress Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin <= 1.15.42 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by type5afe in WordPress Plugin Form Maker by 10Web versions = 1.15.42...

7.5CVSS5.9AI score0.00358EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/05/05 9:31 a.m.8 views

EUVD-2026-27240

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to SQL Injection via the 'inputs' parameter in versions up to, and including, 1.15.42 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

7.5CVSS5.9AI score0.00358EPSS
Exploits1References3
NVD
NVD
added 2026/05/05 9:16 a.m.13 views

CVE-2026-3359

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to SQL Injection via the 'inputs' parameter in versions up to, and including, 1.15.42 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

7.5CVSS0.00358EPSS
Exploits1References2
Rows per page
Query Builder