CVE-2026-11776

The CVE covers the WordPress plugin Form Maker by 10Web (Mobile‑Friendly Drag & Drop Contact Form Builder). The vulnerability is a generic SQL Injection in the handling of the groupids parameter, in all versions up to and including 1.15.43, due to insufficient escaping of user input and lack of p...

EUVD-2026-37842

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to generic SQL Injection via the 'groupids' parameter in all versions up to, and including, 1.15.43 due to insufficient escaping on the user supplied parameter and lack of sufficient...

Discuz 7.2 /faq.php SQL注入漏洞

elseif$action == 'grouppermission' ... ... ksort$gids; $groupids = array; foreach$gids as $row $groupids = $row0; $query = $db-query"SELECT FROM $tablepreusergroups u LEFT JOIN $tablepreadmingroups a ON u.groupid=a.admingid WHERE u.groupid IN ".implodeids$groupids."";...