Lucene search
K

268 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 5:2 a.m.9 views

CVE-2023-45070

Unauth. Reflected Cross-Site Scripting XSS vulnerability in 10Web Form Builder Team Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin = 1.15.18 versions...

7.1CVSS5.9AI score0.00354EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:57 a.m.10 views

CVE-2023-6166

The Quiz Maker WordPress plugin before 6.4.9.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting...

6.1CVSS6.7AI score0.0042EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/05/23 3:18 a.m.4 views

CVE-2023-23490

The Survey Maker WordPress Plugin, version 3.1.2, is affected by an authenticated SQL injection vulnerability in the 'surveysids' parameter of its 'ayssurveysexportjson' action...

8.8CVSS7.9AI score0.02341EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:31 p.m.4 views

CVE-2022-1564

The Form Maker by 10Web WordPress plugin before 1.14.12 does not sanitize and escape the Custom Text settings, which could allow high privilege user such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

4.8CVSS6.1AI score0.00995EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:27 p.m.9 views

CVE-2022-0747

The Infographic Maker WordPress plugin before 4.3.8 does not validate and escape the postid parameter before using it in a SQL statement via the qcldupvoteaction AJAX action available to unauthenticated and authenticated users, leading to an unauthenticated SQL Injection...

9.8CVSS7.5AI score0.15254EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:14 p.m.11 views

CVE-2022-1456

The Poll Maker WordPress plugin before 4.0.2 does not sanitise and escape some settings, which could allow high privilege users such as admin to perform Store Cross-Site Scripting attack even when unfilteredhtml is disallowed...

4.8CVSS6AI score0.00565EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:32 p.m.6 views

CVE-2021-24651

The Poll Maker WordPress plugin before 3.4.2 allows unauthenticated users to perform SQL injection via the aysfinishpoll AJAX action. While the result is not disclosed in the response, it is possible to use a timing attack to exfiltrate data such as password hash...

7.5CVSS8AI score0.01587EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:22 p.m.5 views

CVE-2021-24483

The getpollcategories, getpolls and getreports functions in the Poll Maker WordPress plugin before 3.2.1 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard...

7.2CVSS7.7AI score0.01409EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:24 p.m.13 views

CVE-2021-24459

The getresults and getitems functions in the Survey Maker WordPress plugin before 1.5.6 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard...

8.8CVSS7.7AI score0.01362EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:2 a.m.11 views

CVE-2019-17574

An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the doaction function to invoke certain popmake or pum methods, as demonstrated by controlling content and delivery of popmake-system-info.txt aka the...

9.1CVSS7AI score0.09232EPSS
Exploits2References1
CNNVD
CNNVD
added 2025/05/19 12:0 a.m.4 views

WordPress plugin Form Maker by 10Web 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.9CVSS5.5AI score0.00183EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/17 9:1 p.m.7 views

CVE-2024-13053

The Form Maker by 10Web WordPress plugin before 1.15.33 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.7AI score0.00266EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/17 9:1 p.m.10 views

CVE-2024-8617

The Quiz Maker WordPress plugin before 6.5.9.9 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00266EPSS
Exploits1References1
NVD
NVD
added 2025/05/15 8:15 p.m.6 views

CVE-2024-8617

The Quiz Maker WordPress plugin before 6.5.9.9 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS0.00266EPSS
Exploits1References1
OSV
OSV
added 2025/05/15 8:15 p.m.5 views

CVE-2024-8617

The Quiz Maker WordPress plugin before 6.5.9.9 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00266EPSS
Exploits1References1
NVD
NVD
added 2025/05/15 8:15 p.m.4 views

CVE-2024-13053

The Form Maker by 10Web WordPress plugin before 1.15.33 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS0.00266EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/05/15 8:7 p.m.20 views

CVE-2024-8617 Quiz Maker <= 6.5.9.8 - Admin+ Stored XSS

The Quiz Maker WordPress plugin before 6.5.9.9 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

0.00266EPSS
Exploits1References1
CVE
CVE
added 2025/05/15 8:7 p.m.27 views

CVE-2024-8617

The Quiz Maker WordPress plugin is vulnerable prior to version 6.5.9.9 due to insufficient sanitization/escaping of certain settings, enabling Stored XSS for high-privilege users (e.g., admins) even when unfiltered_html is disallowed (including multisite). Affected versions include 6.5.9.8 and ea...

4.8CVSS5.8AI score0.00266EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/05/15 8:7 p.m.8 views

CVE-2024-8617 Quiz Maker <= 6.5.9.8 - Admin+ Stored XSS

The Quiz Maker WordPress plugin before 6.5.9.9 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9AI score0.00266EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/05/15 12:0 a.m.5 views

WordPress plugin Form Maker by 10Web 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

4.8CVSS4.9AI score0.00266EPSS
Exploits1References1
Rows per page
Query Builder