CVE-2026-11776
The CVE covers the WordPress plugin Form Maker by 10Web (Mobile‑Friendly Drag & Drop Contact Form Builder). The vulnerability is a generic SQL Injection in the handling of the groupids parameter, in all versions up to and including 1.15.43, due to insufficient escaping of user input and lack of p...