Lucene search
+L

2336 matches found

Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.11 views

PT-2026-36993

Name of the Vulnerable Software and Affected Versions The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder versions prior to 1.15.43 Description Insufficient escaping of user-supplied parameters and a lack of proper preparation in SQL queries allow unauthenticated attackers ...

7.5CVSS5.9AI score0.00358EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.9 views

CVE-2026-6817

The Quiz Maker by AYS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ratereason' parameter in all versions up to, and including, 6.7.1.29 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

5.8CVSS6AI score0.00228EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2026/05/04 12:0 a.m.16 views

VulnCheck KEV: CVE-2024-6028

The Quiz Maker plugin for WordPress is vulnerable to time-based SQL Injection via the 'aysquestions' parameter in all versions up to, and including, 6.5.8.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

9.8CVSS5.9AI score0.11755EPSS
In wildExploits0References2
NVD
NVD
added 2026/05/02 12:16 p.m.10 views

CVE-2026-6817

The Quiz Maker by AYS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ratereason' parameter in all versions up to, and including, 6.7.1.29 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

5.8CVSS0.00228EPSS
Exploits0References2
CVE
CVE
added 2026/05/02 11:16 a.m.18 views

CVE-2026-6817

The affected software is the WordPress plugin “Quiz Maker by AYS.” The vulnerability is a Stored Cross-Site Scripting in the rate_reason parameter present in all versions up to 6.7.1.29, caused by insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject...

5.8CVSS6AI score0.00228EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/02 11:16 a.m.5 views

CVE-2026-6817 Quiz Maker by AYS <= 6.7.1.29 - Unauthenticated Stored Cross-Site Scripting via 'rate_reason'

The Quiz Maker by AYS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ratereason' parameter in all versions up to, and including, 6.7.1.29 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

5.8CVSS6AI score0.00228EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/02 11:16 a.m.4 views

CVE-2026-6817

The Quiz Maker by AYS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ratereason' parameter in all versions up to, and including, 6.7.1.29 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

5.8CVSS6AI score0.00228EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/02 11:16 a.m.7 views

EUVD-2026-26786

The Quiz Maker by AYS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ratereason' parameter in all versions up to, and including, 6.7.1.29 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

5.8CVSS6AI score0.00228EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/02 11:16 a.m.36 views

CVE-2026-6817 Quiz Maker by AYS <= 6.7.1.29 - Unauthenticated Stored Cross-Site Scripting via 'rate_reason'

The Quiz Maker by AYS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ratereason' parameter in all versions up to, and including, 6.7.1.29 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

5.8CVSS0.00228EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.21 views

PT-2026-36612

The Quiz Maker by AYS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rate reason' parameter in all versions up to, and including, 6.7.1.29 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...

5.8CVSS6AI score0.00228EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/02 12:0 a.m.10 views

WordPress plugin Quiz Maker by AYS 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.8CVSS5.8AI score0.00228EPSS
Exploits0References1
OSV
OSV
added 2026/04/22 5:46 p.m.35 views

CLSA-2026-1776879963 php: Fix of 9 CVEs

CVE-2019-9020: fix heap out-of-bounds read in xmlrpcdecode - CVE-2019-9021: fix heap buffer overflow in phardetectpharfnameext - CVE-2019-9023: fix heap buffer over-reads in mbstring regex functions - CVE-2019-9641: fix uninitialized read in exifprocessIFDinTIFF - CVE-2019-11034: fix...

9.8CVSS6.9AI score0.10059EPSS
Exploits7References1
EUVD
EUVD
added 2026/04/17 6:31 a.m.14 views

EUVD-2026-23352

The Form Maker by 10Web plugin for WordPress is vulnerable to SQL Injection via the 'ipsearch', 'startdate', 'enddate', 'usernamesearch', and 'useremailsearch' parameters in all versions up to, and including, 1.15.40. This is due to the WDWFMLibrary::validatedata method calling stripslashes on us...

4.9CVSS5.9AI score0.00428EPSS
Exploits0References9
NVD
NVD
added 2026/04/17 5:16 a.m.8 views

CVE-2026-3330

The Form Maker by 10Web plugin for WordPress is vulnerable to SQL Injection via the 'ipsearch', 'startdate', 'enddate', 'usernamesearch', and 'useremailsearch' parameters in all versions up to, and including, 1.15.40. This is due to the WDWFMLibrary::validatedata method calling stripslashes on us...

4.9CVSS0.00428EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/04/17 3:36 a.m.29 views

CVE-2026-3330 Form Maker by 10Web <= 1.15.40 - Authenticated (Administrator+) SQL Injection via 'ip_search' Parameter

The Form Maker by 10Web plugin for WordPress is vulnerable to SQL Injection via the 'ipsearch', 'startdate', 'enddate', 'usernamesearch', and 'useremailsearch' parameters in all versions up to, and including, 1.15.40. This is due to the WDWFMLibrary::validatedata method calling stripslashes on us...

4.9CVSS0.00428EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/04/17 3:36 a.m.3 views

CVE-2026-3330

The Form Maker by 10Web plugin for WordPress is vulnerable to SQL Injection via the 'ipsearch', 'startdate', 'enddate', 'usernamesearch', and 'useremailsearch' parameters in all versions up to, and including, 1.15.40. This is due to the WDWFMLibrary::validatedata method calling stripslashes on us...

4.9CVSS5.9AI score0.00428EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/04/17 3:36 a.m.5 views

CVE-2026-3330 Form Maker by 10Web <= 1.15.40 - Authenticated (Administrator+) SQL Injection via 'ip_search' Parameter

The Form Maker by 10Web plugin for WordPress is vulnerable to SQL Injection via the 'ipsearch', 'startdate', 'enddate', 'usernamesearch', and 'useremailsearch' parameters in all versions up to, and including, 1.15.40. This is due to the WDWFMLibrary::validatedata method calling stripslashes on us...

4.9CVSS5.8AI score0.00428EPSS
Exploits0References8
CVE
CVE
added 2026/04/17 3:36 a.m.15 views

CVE-2026-3330

The Form Maker by 10Web WordPress plugin (prepare(). Authenticated attackers with Administrator+ access can inject additional SQL into existing queries to exfiltrate data. The vulnerability can be triggered via CSRF because the Submissions controller skips nonce verification for the display task....

4.9CVSS5.9AI score0.00428EPSS
Exploits0References8
Patchstack
Patchstack
added 2026/04/17 2:1 a.m.9 views

WordPress Form Maker by 10Web plugin <= 1.15.40 - Authenticated (Administrator+) SQL Injection via 'ip_search' Parameter vulnerability

Authenticated Administrator+ SQL Injection via 'ipsearch' Parameter vulnerability discovered by Sein Linn in WordPress Plugin Form Maker by 10Web versions = 1.15.40...

4.9CVSS6AI score0.00428EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/04/17 12:0 a.m.11 views

WordPress plugin Form Maker by 10Web 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

4.9CVSS5.8AI score0.00428EPSS
Exploits0References1
Rows per page
Query Builder