PT-2026-33401
The Form Maker by 10Web plugin for WordPress is vulnerable to SQL Injection via the 'ip search', 'startdate', 'enddate', 'username search', and 'useremail search' parameters in all versions up to, and including, 1.15.40. This is due to the WDW FM Library::validate data method calling stripslashes...