407 matches found
CVE-2026-1058
The vulnerability CVE-2026-1058 affects the WordPress Form Maker plugin by 10Web. A stored XSS exists in all versions up to 1.15.35 due to insufficient escaping of hidden field values in the admin submissions list; html_entity_decode() is applied to user-supplied hidden field values without prope...
CVE-2026-1058 Form Maker by 10Web <= 1.15.35 - Unauthenticated Stored Cross-Site Scripting via Hidden Field
The Form Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via hidden field values in all versions up to, and including, 1.15.35. This is due to insufficient output escaping when displaying hidden field values in the admin submissions list. The plugin uses htmlentitydecode o...
EUVD-2026-5290
The Form Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via hidden field values in all versions up to, and including, 1.15.35. This is due to insufficient output escaping when displaying hidden field values in the admin submissions list. The plugin uses htmlentitydecode o...
CVE-2026-1058
The Form Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via hidden field values in all versions up to, and including, 1.15.35. This is due to insufficient output escaping when displaying hidden field values in the admin submissions list. The plugin uses htmlentitydecode o...
CVE-2026-1065 Form Maker by 10Web <= 1.15.35 - Unauthenticated Stored Cross-Site Scripting via SVG file
The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.15.35. This is due to the plugin's default file upload allowlist including SVG files combined with weak substring-based extension validation. This makes it possible fo...
CVE-2026-1065
The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.15.35. This is due to the plugin's default file upload allowlist including SVG files combined with weak substring-based extension validation. This makes it possible fo...
EUVD-2026-5288
The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.15.35. This is due to the plugin's default file upload allowlist including SVG files combined with weak substring-based extension validation. This makes it possible fo...
CVE-2026-1065 Form Maker by 10Web <= 1.15.35 - Unauthenticated Stored Cross-Site Scripting via SVG file
The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.15.35. This is due to the plugin's default file upload allowlist including SVG files combined with weak substring-based extension validation. This makes it possible fo...
PT-2026-6028
Name of the Vulnerable Software and Affected Versions Form Maker plugin for WordPress versions prior to 1.15.36 Description The Form Maker plugin for WordPress is susceptible to Stored Cross-Site Scripting through hidden field values. Insufficient output escaping when displaying these values in t...
PT-2026-6029
Name of the Vulnerable Software and Affected Versions Form Maker by 10Web plugin for WordPress versions through 1.15.35 Description The Form Maker by 10Web plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is a result of the plugin allowing SVG file uploads with insufficien...
WordPress plugin Form Maker by 10Web 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
WordPress plugin Form Maker 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
CVE-2023-4666
The Form Maker by 10Web WordPress plugin before 1.15.20 does not validate signatures when creating them on the server from user input, allowing unauthenticated users to create arbitrary files and lead to RCE...
CVE-2019-11590
The 10Web Form Maker plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $POST'action' value and the $GET'action' value, and the latter is...
CVE-2024-34437
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 10Web Form Builder Team Form Maker by 10Web allows Stored XSS.This issue affects Form Maker by 10Web: from n/a through 1.15.24...
CVE-2024-2258
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name autofilled into forms in all versions up to, and including, 1.15.24 due to insufficient input sanitization and output escaping. Th...
CVE-2024-2112
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.15.22 via the signature functionality. This makes it possible for unauthenticated attackers to extract sensitive...
WordPress Form Maker by 10Web plugin < 1.15.31 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ingatyev in WordPress Plugin Form Maker by 10Web versions 1.15.31...
EUVD-2015-2886
Malware in sbrugna...
EUVD-2018-17756
Malware in sbrugna...