Lucene search
K

198 matches found

Cvelist
Cvelist
added 2026/05/05 7:42 a.m.45 views

CVE-2026-3359 Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.42 - Unauthenticated SQL Injection via 'inputs'

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to SQL Injection via the 'inputs' parameter in versions up to, and including, 1.15.42 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

7.5CVSS0.00358EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.9 views

WordPress plugin Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.5CVSS5.9AI score0.00358EPSS
Exploits1References2
CVE
CVE
added 2026/04/17 3:36 a.m.13 views

CVE-2026-3330

The Form Maker by 10Web WordPress plugin (prepare(). Authenticated attackers with Administrator+ access can inject additional SQL into existing queries to exfiltrate data. The vulnerability can be triggered via CSRF because the Submissions controller skips nonce verification for the display task....

4.9CVSS5.9AI score0.00428EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/04/17 3:36 a.m.5 views

CVE-2026-3330 Form Maker by 10Web <= 1.15.40 - Authenticated (Administrator+) SQL Injection via 'ip_search' Parameter

The Form Maker by 10Web plugin for WordPress is vulnerable to SQL Injection via the 'ipsearch', 'startdate', 'enddate', 'usernamesearch', and 'useremailsearch' parameters in all versions up to, and including, 1.15.40. This is due to the WDWFMLibrary::validatedata method calling stripslashes on us...

4.9CVSS5.8AI score0.00428EPSS
Exploits0References8
Patchstack
Patchstack
added 2026/04/17 2:1 a.m.7 views

WordPress Form Maker by 10Web plugin <= 1.15.40 - Authenticated (Administrator+) SQL Injection via 'ip_search' Parameter vulnerability

Authenticated Administrator+ SQL Injection via 'ipsearch' Parameter vulnerability discovered by Sein Linn in WordPress Plugin Form Maker by 10Web versions = 1.15.40...

4.9CVSS6AI score0.00428EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/04/17 12:0 a.m.10 views

WordPress plugin Form Maker by 10Web 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

4.9CVSS5.8AI score0.00428EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/14 2:25 a.m.2 views

CVE-2026-4388 Form Maker by 10Web <= 1.15.40 - Unauthenticated Stored Cross-Site Scripting via Matrix Field Text Box

The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Matrix field Text Box input type in form submissions in all versions up to, and including, 1.15.40. This is due to insufficient input sanitization sanitizetextfield strips tags but not quotes and...

7.2CVSS5.9AI score0.00241EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/14 2:25 a.m.34 views

CVE-2026-4388 Form Maker by 10Web <= 1.15.40 - Unauthenticated Stored Cross-Site Scripting via Matrix Field Text Box

The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Matrix field Text Box input type in form submissions in all versions up to, and including, 1.15.40. This is due to insufficient input sanitization sanitizetextfield strips tags but not quotes and...

7.2CVSS0.00241EPSS
Exploits0References5
CVE
CVE
added 2026/04/14 2:25 a.m.14 views

CVE-2026-4388

CVE-2026-4388 affects the WordPress plugin “Form Maker by 10Web.” A stored XSS exists in the Matrix field (Text Box input) across all versions up to 1.15.40. Root cause: insufficient input sanitization (sanitize_text_field strips tags but not quotes) and missing output escaping when rendering sub...

7.2CVSS5.9AI score0.00241EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/14 2:25 a.m.4 views

CVE-2026-4388

The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Matrix field Text Box input type in form submissions in all versions up to, and including, 1.15.40. This is due to insufficient input sanitization sanitizetextfield strips tags but not quotes and...

7.2CVSS5.9AI score0.00241EPSS
Exploits0References6
EUVD
EUVD
added 2026/04/14 2:25 a.m.12 views

EUVD-2026-22199

The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Matrix field Text Box input type in form submissions in all versions up to, and including, 1.15.40. This is due to insufficient input sanitization sanitizetextfield strips tags but not quotes and...

7.2CVSS5.9AI score0.00241EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.11 views

WordPress plugin Form Maker by 10Web 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.2CVSS5.6AI score0.00241EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/13 12:0 a.m.7 views

WordPress plugin Form Maker by 10Web 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

6.8CVSS5.9AI score0.00272EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/04/08 10:34 a.m.7 views

WordPress Form Maker by 10Web plugin <= 1.15.38 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Form Maker by 10Web versions = 1.15.38...

6AI score0.00283EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:17 p.m.5 views

CVE-2026-32330

Cross-Site Request Forgery CSRF vulnerability in 10Web Photo Gallery by 10Web photo-gallery allows Cross Site Request Forgery.This issue affects Photo Gallery by 10Web: from n/a through = 1.8.37...

4.3CVSS5.8AI score0.00107EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/13 9:31 p.m.5 views

EUVD-2026-11804

Cross-Site Request Forgery CSRF vulnerability in 10Web Photo Gallery by 10Web photo-gallery allows Cross Site Request Forgery.This issue affects Photo Gallery by 10Web: from n/a through = 1.8.37...

5.8AI score0.00107EPSS
Exploits0References2
NVD
NVD
added 2026/03/13 7:54 p.m.4 views

CVE-2026-32330

Cross-Site Request Forgery CSRF vulnerability in 10Web Photo Gallery by 10Web photo-gallery allows Cross Site Request Forgery.This issue affects Photo Gallery by 10Web: from n/a through = 1.8.37...

4.3CVSS0.00107EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/13 11:41 a.m.26 views

CVE-2026-32330 WordPress Photo Gallery by 10Web plugin <= 1.8.37 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in 10Web Photo Gallery by 10Web photo-gallery allows Cross Site Request Forgery.This issue affects Photo Gallery by 10Web: from n/a through = 1.8.37...

4.3CVSS0.00107EPSS
Exploits0References1
CVE
CVE
added 2026/03/13 11:41 a.m.7 views

CVE-2026-32330

CVE-2026-32330 is a CSRF vulnerability affecting the WordPress Photo Gallery by 10Web plugin, version range up to and including 1.8.37. Connected sources corroborate the issue across multiple feeds (NVD, Red Hat, EUVD/ENISA, CVE list, AttackersKB, etc.). The description consistently states a Cros...

4.3CVSS5.8AI score0.00107EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/13 11:41 a.m.2 views

CVE-2026-32330 WordPress Photo Gallery by 10Web plugin <= 1.8.37 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in 10Web Photo Gallery by 10Web photo-gallery allows Cross Site Request Forgery.This issue affects Photo Gallery by 10Web: from n/a through = 1.8.37...

4.3CVSS5.8AI score0.00107EPSS
Exploits0References1
Rows per page
Query Builder