Lucene search
K

407 matches found

CVE
CVE
added 2026/02/03 6:38 a.m.22 views

CVE-2026-1058

The vulnerability CVE-2026-1058 affects the WordPress Form Maker plugin by 10Web. A stored XSS exists in all versions up to 1.15.35 due to insufficient escaping of hidden field values in the admin submissions list; html_entity_decode() is applied to user-supplied hidden field values without prope...

7.1CVSS5.6AI score0.0032EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/03 6:38 a.m.3 views

CVE-2026-1058 Form Maker by 10Web <= 1.15.35 - Unauthenticated Stored Cross-Site Scripting via Hidden Field

The Form Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via hidden field values in all versions up to, and including, 1.15.35. This is due to insufficient output escaping when displaying hidden field values in the admin submissions list. The plugin uses htmlentitydecode o...

7.1CVSS5.6AI score0.0032EPSS
Exploits0References3
EUVD
EUVD
added 2026/02/03 6:38 a.m.5 views

EUVD-2026-5290

The Form Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via hidden field values in all versions up to, and including, 1.15.35. This is due to insufficient output escaping when displaying hidden field values in the admin submissions list. The plugin uses htmlentitydecode o...

7.1CVSS5.6AI score0.0032EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/03 6:38 a.m.7 views

CVE-2026-1058

The Form Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via hidden field values in all versions up to, and including, 1.15.35. This is due to insufficient output escaping when displaying hidden field values in the admin submissions list. The plugin uses htmlentitydecode o...

7.1CVSS5.6AI score0.0032EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/03 6:38 a.m.29 views

CVE-2026-1065 Form Maker by 10Web <= 1.15.35 - Unauthenticated Stored Cross-Site Scripting via SVG file

The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.15.35. This is due to the plugin's default file upload allowlist including SVG files combined with weak substring-based extension validation. This makes it possible fo...

7.2CVSS0.00338EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/02/03 6:38 a.m.2 views

CVE-2026-1065

The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.15.35. This is due to the plugin's default file upload allowlist including SVG files combined with weak substring-based extension validation. This makes it possible fo...

7.2CVSS5.5AI score0.00338EPSS
Exploits0References6
EUVD
EUVD
added 2026/02/03 6:38 a.m.4 views

EUVD-2026-5288

The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.15.35. This is due to the plugin's default file upload allowlist including SVG files combined with weak substring-based extension validation. This makes it possible fo...

7.2CVSS5.5AI score0.00338EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/02/03 6:38 a.m.3 views

CVE-2026-1065 Form Maker by 10Web <= 1.15.35 - Unauthenticated Stored Cross-Site Scripting via SVG file

The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.15.35. This is due to the plugin's default file upload allowlist including SVG files combined with weak substring-based extension validation. This makes it possible fo...

7.2CVSS5.5AI score0.00338EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.5 views

PT-2026-6028

Name of the Vulnerable Software and Affected Versions Form Maker plugin for WordPress versions prior to 1.15.36 Description The Form Maker plugin for WordPress is susceptible to Stored Cross-Site Scripting through hidden field values. Insufficient output escaping when displaying these values in t...

7.1CVSS6AI score0.0032EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.3 views

PT-2026-6029

Name of the Vulnerable Software and Affected Versions Form Maker by 10Web plugin for WordPress versions through 1.15.35 Description The Form Maker by 10Web plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is a result of the plugin allowing SVG file uploads with insufficien...

7.2CVSS5.5AI score0.00338EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.8 views

WordPress plugin Form Maker by 10Web 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

7.2CVSS5.9AI score0.00338EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.9 views

WordPress plugin Form Maker 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

7.1CVSS5.8AI score0.0032EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 12:32 p.m.5 views

CVE-2023-4666

The Form Maker by 10Web WordPress plugin before 1.15.20 does not validate signatures when creating them on the server from user input, allowing unauthenticated users to create arbitrary files and lead to RCE...

9.8CVSS7AI score0.03283EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:9 a.m.11 views

CVE-2019-11590

The 10Web Form Maker plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $POST'action' value and the $GET'action' value, and the latter is...

8.8CVSS6.9AI score0.01169EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:6 a.m.9 views

CVE-2024-34437

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 10Web Form Builder Team Form Maker by 10Web allows Stored XSS.This issue affects Form Maker by 10Web: from n/a through 1.15.24...

5.9CVSS5.2AI score0.00447EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:14 a.m.8 views

CVE-2024-2258

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name autofilled into forms in all versions up to, and including, 1.15.24 due to insufficient input sanitization and output escaping. Th...

5.4CVSS5.8AI score0.00355EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:14 a.m.7 views

CVE-2024-2112

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.15.22 via the signature functionality. This makes it possible for unauthenticated attackers to extract sensitive...

7.5CVSS6.7AI score0.00699EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.6 views

WordPress Form Maker by 10Web plugin < 1.15.31 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ingatyev in WordPress Plugin Form Maker by 10Web versions 1.15.31...

2.7CVSS5.9AI score0.00408EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2015-2886

Malware in sbrugna...

9.8CVSS9.4AI score0.03258EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2018-17756

Malware in sbrugna...

9.8CVSS9.3AI score0.02703EPSS
Exploits5References3
Rows per page
Query Builder