Lucene search
K
10webForm Maker

24 matches found

CVE
CVE
added 2019/05/23 6:34 p.m.138 views

CVE-2019-10866

The CVE-2019-10866 vulnerability affects WordPress Form Maker plugin prior to version 1.13.3. A SQL injection exists in the get_labels_parameters flow inside form-maker/admin/models/Submissions_fm.php, triggered by crafted values (notably via the asc_or_desc parameter in PoC scenarios). Documente...

9.8CVSS9.6AI score0.06214EPSS
Web
CVE
CVE
added 2023/10/18 12:34 p.m.103 views

CVE-2023-45070

CVE-2023-45070 affects WordPress Form Maker by 10Web (Mobile-Friendly Drag & Drop Contact Form Builder)

7.1CVSS6.1AI score0.00354EPSS
CVE
CVE
added 2023/10/16 7:39 p.m.94 views

CVE-2023-4666

CVE-2023-4666 affects the Form Maker by 10Web WordPress plugin (before 1.15.20). The vulnerability arises because the plugin does not validate signatures when creating them on the server from user input, allowing unauthenticated users to upload arbitrary files and potentially achieve remote code ...

9.8CVSS9.6AI score0.03283EPSS
CVE
CVE
added 2022/05/30 8:35 a.m.89 views

CVE-2022-1564

CVE-2022-1564 concerns the WordPress Form Maker by 10Web plugin (pre-1.14.12) where the Custom Text settings are not sanitized/escaped, enabling stored Cross-Site Scripting by high-privilege users (e.g., admins) when unfiltered_html is disallowed. Impact described in multiple sources includes an ...

4.8CVSS4.8AI score0.00995EPSS
CVE
CVE
added 2022/10/25 12:0 a.m.88 views

CVE-2022-3300

CVE-2022-3300 affects the WordPress plugin “Form Maker by 10Web” prior to version 1.15.6. The root cause is improper sanitization/escaping of a parameter before it is used in a SQL statement, resulting in a SQL injection. Impact is described as exploitable by high-privilege users such as admins, ...

7.2CVSS7.1AI score0.01015EPSS
Web
CVE
CVE
added 2024/04/09 6:58 p.m.87 views

CVE-2024-2112

The CVE-2024-2112 entry concerns the WordPress plugin Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder, affected up to version 1.15.22. The vulnerability, described across sources (NVD/NVD-related, Red Hat, PatchStack), is Sensitive Information Exposure via the plugin’s sign...

7.5CVSS9.2AI score0.00699EPSS
CVE
CVE
added 2023/10/18 12:38 p.m.84 views

CVE-2023-45071

The CVE CVE-2023-45071 affects the WordPress plugin Form Maker by 10Web (Mobile-Friendly Drag & Drop Contact Form Builder) 1.15.18, specifically fixed in 1.15.19, or apply vendor-supplied mitigations. Product references in connected docs confirm attack surface and patch status.

7.1CVSS5.8AI score0.00331EPSS
CVE
CVE
added 2024/04/27 3:33 a.m.76 views

CVE-2024-2258

CVE-2024-2258 (Form Maker by 10Web, WordPress): Stored XSS vulnerability in forms via a user’s display name autofill. Affected versions are all until 1.15.24 due to insufficient input sanitization and output escaping. Exploitation requires subscriber-level access and above, enabling arbitrary scr...

5.4CVSS5.7AI score0.00355EPSS
CVE
CVE
added 2019/04/29 1:46 p.m.75 views

CVE-2019-11590

The 10Web Form Maker plugin for WordPress is affected by CVE-2019-11590 (versions

8.8CVSS8.5AI score0.01169EPSS
Web
CVE
CVE
added 2024/04/17 8:44 a.m.75 views

CVE-2024-32534

CVE-2024-32534 affects Form Maker (WordPress plugin) by 10Web, with stored XSS due to improper input neutralization during web page generation. Public references confirm the issue and affected range (Form Maker by 10Web:

5.9CVSS5.2AI score0.00335EPSS
CVE
CVE
added 2025/04/16 6:0 a.m.71 views

CVE-2024-10680

The CVE CVE-2024-10680 pertains to the Form Maker by 10Web WordPress plugin (versions before 1.15.32). The issue arises from inadequate sanitization/escaping of several plugin settings, enabling Stored Cross-Site Scripting (XSS) where a high-privilege user (e.g., an admin) can inject scripts even...

4.8CVSS5.4AI score0.00219EPSS
CVE
CVE
added 2025/02/24 6:0 a.m.71 views

CVE-2024-13605

The CVE-2024-13605 entry concerns Form Maker by 10Web for WordPress, affecting versions prior to 1.15.33. It is a Stored XSS in certain settings due to insufficient sanitisation/escaping, which can be triggered by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (e.g., ...

4.8CVSS5.4AI score0.00334EPSS
CVE
CVE
added 2024/06/04 10:25 a.m.66 views

CVE-2023-48290

Form Maker by 10Web WordPress plugin

5.3CVSS5.4AI score0.00374EPSS
CVE
CVE
added 2021/08/16 10:48 a.m.64 views

CVE-2021-24526

CVE-2021-24526 affects the WordPress plugin Form Maker (by 10Web) prior to version 1.13.60. The issue is an authenticated Stored XSS caused by not escaping the Form Title when outputting it in an HTML attribute while editing a form in the admin dashboard. Impact is limited to authenticated users ...

5.4CVSS5.2AI score0.01091EPSS
CVE
CVE
added 2024/08/12 9:22 p.m.64 views

CVE-2024-43220

CVE-2024-43220 is a reflected XSS in the WordPress plugin “Form Maker by 10Web – Mobile-Friendly Drag & Drop Form Builder.” The vulnerability arises from improper input neutralization during web page generation, enabling a reflected XSS payload. Affected releases are Form Maker by 10Web up to 1.1...

7.1CVSS7AI score0.0029EPSS
CVE
CVE
added 2024/01/27 3:32 a.m.63 views

CVE-2024-0667

The CVE concerns the WordPress plugin Form Maker by 10Web (Mobile-Friendly Drag & Drop Form Builder). A Cross-Site Request Forgery (CSRF) flaw exists in versions up to and including 1.15.21, caused by missing or incorrect nonce validation on the plugin’s execute function. This allows an unauthent...

6.3CVSS6.9AI score0.00229EPSS
CVE
CVE
added 2024/07/01 6:0 a.m.63 views

CVE-2024-6130

The CVE-2024-6130 entry concerns The Form Maker by 10Web WordPress plugin prior to version 1.15.26, where certain settings are not properly sanitised/escaped. The Red Hat and CVE databases confirm this can enable Stored XSS by high-privilege users (e.g., admins), even when unfiltered_html is disa...

4.8CVSS4.9AI score0.00442EPSS
CVE
CVE
added 2025/03/24 6:0 a.m.59 views

CVE-2024-10558

CVE-2024-10558 concerns the WordPress plugin Form Maker by 10Web. Multiple connected sources confirm a stored XSS risk in admin-level or high-privilege user settings due to incomplete sanitization/escaping of certain settings, potentially allowing an admin (or similarly privileged user) to execut...

3.5CVSS5.8AI score0.00247EPSS
CVE
CVE
added 2025/03/25 6:0 a.m.56 views

CVE-2024-10560

CVE-2024-10560 affects the WordPress plugin Form Maker by 10Web, specifically versions before 1.15.30. The issue is a failure to sanitize/escape certain settings, enabling stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as in multisite setups). The ...

3.5CVSS5.8AI score0.003EPSS
CVE
CVE
added 2024/11/10 12:30 p.m.55 views

CVE-2024-10265

CVE-2024-10265 affects the Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder for WordPress. It enables a Reflected Cross‑Site Scripting via the use of add_query_arg without proper escaping in the URL, impacting all versions up to and including 1.15.30. Unauthenticated attacke...

6.1CVSS6AI score0.00363EPSS
CVE
CVE
added 2024/09/26 11:32 a.m.55 views

CVE-2024-8633

CVE-2024-8633 – Form Maker by 10Web for WordPress is affected by a Stored Cross-Site Scripting (XSS) vulnerability in all versions up to 1.15.27. The root cause is insufficient input sanitization and output escaping in the plugin, which allows an authenticated attacker with Administrator-level ac...

5.5CVSS5.1AI score0.00321EPSS
CVE
CVE
added 2025/01/07 6:0 a.m.53 views

CVE-2024-10562

CVE-2024-10562 affects the WordPress plugin Form Maker by 10Web (versions before 1.15.31). An authenticated admin can exploit a Stored Cross-Site Scripting (XSS) flaw due to incomplete sanitization/escaping of certain settings, enabling script execution in the admin context. The issue is document...

2.7CVSS5.4AI score0.00401EPSS
CVE
CVE
added 2024/05/09 11:3 a.m.46 views

CVE-2024-34437

Technical details beyond the vulnerability description are not provided in the connected documents. No explicit exploit path, affected components, root cause, or remediation details are included. Monitor for official advisories for deeper technical information and fixes.

5.9CVSS5.2AI score0.00447EPSS
CVE
CVE
added 2025/05/15 8:6 p.m.31 views

CVE-2024-13053

The CVE-2024-13053 entry concerns the WordPress plugin Form Maker by 10Web (prior to version 1.15.33). Root cause: certain settings are not properly sanitized/escaped, enabling Stored Cross-Site Scripting by high-privilege users (e.g., admins) even when unfiltered_html is disallowed, including mu...

4.8CVSS5.7AI score0.00266EPSS