10web

Form Maker

31 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.9

CVE-2026-3330

  • EPSS 0.01%
  • Veröffentlicht 17.04.2026 03:36:43
  • Zuletzt bearbeitet 17.04.2026 05:16:18

The Form Maker by 10Web plugin for WordPress is vulnerable to SQL Injection via the 'ip_search', 'startdate', 'enddate', 'username_search', and 'useremail_search' parameters in all versions up to, and including, 1.15.40. This is due to the `WDW_FM_Li...

7.2

CVE-2026-4388

  • EPSS 0.07%
  • Veröffentlicht 14.04.2026 02:25:48
  • Zuletzt bearbeitet 14.04.2026 03:16:08

The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Matrix field (Text Box input type) in form submissions in all versions up to, and including, 1.15.40. This is due to insufficient input sanitization (`s...

6.8

CVE-2025-15441

Exploit
  • EPSS 0.04%
  • Veröffentlicht 13.04.2026 06:00:11
  • Zuletzt bearbeitet 15.04.2026 15:05:47

The Form Maker by 10Web WordPress plugin before 1.15.38 does not properly prepare SQL queries when the "MySQL Mapping" feature is in use, which could make SQL Injection attacks possible in certain contexts.

7.2

CVE-2026-1065

  • EPSS 0.02%
  • Veröffentlicht 03.02.2026 07:16:11
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.15.35. This is due to the plugin's default file upload allowlist including SVG files combined with weak substring-based ...

7.1

CVE-2026-1058

  • EPSS 0.05%
  • Veröffentlicht 03.02.2026 07:16:11
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The Form Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via hidden field values in all versions up to, and including, 1.15.35. This is due to insufficient output escaping when displaying hidden field values in the admin submi...

5.9

CVE-2025-48341

  • EPSS 0.18%
  • Veröffentlicht 19.05.2025 14:55:22
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 10Web Form Maker by 10Web form-maker allows Stored XSS.This issue affects Form Maker by 10Web: from n/a through <= 1.15.33.

4.8

CVE-2024-13053

Exploit
  • EPSS 0.17%
  • Veröffentlicht 15.05.2025 20:15:38
  • Zuletzt bearbeitet 09.06.2025 20:06:12

The Form Maker by 10Web WordPress plugin before 1.15.33 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability i...

4.8

CVE-2024-10680

Exploit
  • EPSS 0.17%
  • Veröffentlicht 16.04.2025 06:00:09
  • Zuletzt bearbeitet 23.04.2025 16:21:14

The Form Maker by 10Web WordPress plugin before 1.15.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability i...

3.5

CVE-2024-10560

Exploit
  • EPSS 0.07%
  • Veröffentlicht 25.03.2025 06:00:06
  • Zuletzt bearbeitet 03.04.2025 17:37:24

The Form Maker by 10Web WordPress plugin before 1.15.30 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability i...

3.5

CVE-2024-10558

Exploit
  • EPSS 0.09%
  • Veröffentlicht 24.03.2025 06:00:05
  • Zuletzt bearbeitet 13.05.2025 13:29:16

The Form Maker by 10Web WordPress plugin before 1.15.30 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability i...