3 matches found
WordPress Form Maker by 10Web Plugin <= 1.15.30 is vulnerable to Cross Site Scripting (XSS)
Software Form Maker by 10Web Type Plugin Vulnerable versions = 1.15.30 Fixed in 1.15.31 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10265 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 0450360afe6c Credits vgo0...
CVE-2024-10265
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.15.30. This makes it possible for...
CVE-2024-10265 Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.30 - Reflected Cross-Site Scripting via add_query_arg Parameter
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.15.30. This makes it possible for...