Lucene search
+L

2336 matches found

Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.12 views

PT-2026-33401

The Form Maker by 10Web plugin for WordPress is vulnerable to SQL Injection via the 'ip search', 'startdate', 'enddate', 'username search', and 'useremail search' parameters in all versions up to, and including, 1.15.40. This is due to the WDW FM Library::validate data method calling stripslashes...

4.9CVSS5.9AI score0.00428EPSS
Exploits0References9
Patchstack
Patchstack
added 2026/04/16 10:3 a.m.9 views

WordPress Form Maker by 10Web plugin <= 1.15.40 - Unauthenticated Stored Cross-Site Scripting via Matrix Field Text Box vulnerability

Unauthenticated Stored Cross-Site Scripting via Matrix Field Text Box vulnerability discovered by Naoya Takahashi nakko in WordPress Plugin Form Maker by 10Web versions = 1.15.40...

7.2CVSS5.8AI score0.00241EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/04/14 11:16 p.m.5 views

CVE-2026-27297

Adobe Framemaker versions 2022.8 and earlier are affected by an Integer Underflow Wrap or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS0.00173EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/14 10:58 p.m.2 views

CVE-2026-27293

Adobe Framemaker versions 2022.8 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.3AI score0.00194EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/04/14 11:0 a.m.6 views

WordPress Form Maker plugin < 1.15.38 - SQL Injection vulnerability

SQL Injection vulnerability discovered by hiariz in WordPress Plugin Form Maker by 10Web versions 1.15.38...

6.8CVSS6AI score0.00272EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/04/14 3:16 a.m.7 views

CVE-2026-4388

The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Matrix field Text Box input type in form submissions in all versions up to, and including, 1.15.40. This is due to insufficient input sanitization sanitizetextfield strips tags but not quotes and...

7.2CVSS0.00241EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/14 2:25 a.m.14 views

EUVD-2026-22199

The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Matrix field Text Box input type in form submissions in all versions up to, and including, 1.15.40. This is due to insufficient input sanitization sanitizetextfield strips tags but not quotes and...

7.2CVSS5.9AI score0.00241EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/14 2:25 a.m.37 views

CVE-2026-4388 Form Maker by 10Web <= 1.15.40 - Unauthenticated Stored Cross-Site Scripting via Matrix Field Text Box

The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Matrix field Text Box input type in form submissions in all versions up to, and including, 1.15.40. This is due to insufficient input sanitization sanitizetextfield strips tags but not quotes and...

7.2CVSS0.00241EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/14 2:25 a.m.5 views

CVE-2026-4388

The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Matrix field Text Box input type in form submissions in all versions up to, and including, 1.15.40. This is due to insufficient input sanitization sanitizetextfield strips tags but not quotes and...

7.2CVSS5.9AI score0.00241EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/04/14 2:25 a.m.3 views

CVE-2026-4388 Form Maker by 10Web <= 1.15.40 - Unauthenticated Stored Cross-Site Scripting via Matrix Field Text Box

The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Matrix field Text Box input type in form submissions in all versions up to, and including, 1.15.40. This is due to insufficient input sanitization sanitizetextfield strips tags but not quotes and...

7.2CVSS5.9AI score0.00241EPSS
Exploits0References5
CVE
CVE
added 2026/04/14 2:25 a.m.18 views

CVE-2026-4388

CVE-2026-4388 affects the WordPress plugin “Form Maker by 10Web.” A stored XSS exists in the Matrix field (Text Box input) across all versions up to 1.15.40. Root cause: insufficient input sanitization (sanitize_text_field strips tags but not quotes) and missing output escaping when rendering sub...

7.2CVSS5.9AI score0.00241EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.7 views

Adobe Framemaker 数字错误漏洞

Adobe Framemaker is a professional desktop publishing software for creating and editing large technical documents. A numeric error vulnerability exists in Adobe Framemaker, which can be exploited by an attacker to cause arbitrary code to be executed in the current user's environment...

7.8CVSS6AI score0.00173EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.13 views

WordPress plugin Form Maker by 10Web 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.2CVSS5.6AI score0.00241EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.8 views

PT-2026-32588

The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Matrix field Text Box input type in form submissions in all versions up to, and including, 1.15.40. This is due to insufficient input sanitization sanitize text field strips tags but not quotes and...

7.2CVSS5.9AI score0.00241EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/04/14 12:0 a.m.4 views

Adobe FrameMaker 2022 < 17.0.9 (2022.0.9) Multiple Vulnerabilities (APSB26-36)

The version of Adobe FrameMaker installed on the remote Windows host is prior to Adobe FrameMaker 2022 17.0.9. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb26-36 advisory. - Access of Resource Using Incompatible Type 'Type Confusion' CWE-843 potentially leading ...

8.6CVSS6.3AI score0.00194EPSS
Exploits0References12
EUVD
EUVD
added 2026/04/13 9:31 a.m.3 views

EUVD-2025-209409

The Form Maker by 10Web WordPress plugin before 1.15.38 does not properly prepare SQL queries when the "MySQL Mapping" feature is in use, which could make SQL Injection attacks possible in certain contexts...

6.8CVSS6AI score0.00272EPSS
Exploits0References2
NVD
NVD
added 2026/04/13 7:16 a.m.4 views

CVE-2025-15441

The Form Maker by 10Web WordPress plugin before 1.15.38 does not properly prepare SQL queries when the "MySQL Mapping" feature is in use, which could make SQL Injection attacks possible in certain contexts...

6.8CVSS0.00272EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/13 6:0 a.m.1 views

CVE-2025-15441

The Form Maker by 10Web WordPress plugin before 1.15.38 does not properly prepare SQL queries when the "MySQL Mapping" feature is in use, which could make SQL Injection attacks possible in certain contexts...

6AI score0.00272EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/13 6:0 a.m.27 views

CVE-2025-15441 Form Maker < 1.15.38 - SQL Injection

The Form Maker by 10Web WordPress plugin before 1.15.38 does not properly prepare SQL queries when the "MySQL Mapping" feature is in use, which could make SQL Injection attacks possible in certain contexts...

0.00272EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/13 6:0 a.m.3 views

CVE-2025-15441 Form Maker < 1.15.38 - SQL Injection

The Form Maker by 10Web WordPress plugin before 1.15.38 does not properly prepare SQL queries when the "MySQL Mapping" feature is in use, which could make SQL Injection attacks possible in certain contexts...

6AI score0.00272EPSS
Exploits0References1
Rows per page
Query Builder