10web

Form Maker

36 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.9

CVE-2026-11776

  • EPSS 0.36%
  • Veröffentlicht 18.06.2026 04:31:09
  • Zuletzt bearbeitet 18.06.2026 04:31:09

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to generic SQL Injection via the 'groupids' parameter in all versions up to, and including, 1.15.43 due to insufficient escaping on the user...

4.9

CVE-2026-11777

  • EPSS 0.36%
  • Veröffentlicht 18.06.2026 04:31:08
  • Zuletzt bearbeitet 18.06.2026 04:31:08

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to generic SQL Injection via the 'name' parameter in all versions up to, and including, 1.15.43 due to insufficient escaping on the user sup...

9.3

CVE-2026-39502

  • EPSS 0.28%
  • Veröffentlicht 15.06.2026 20:17:55
  • Zuletzt bearbeitet 15.06.2026 21:24:32

Unauthenticated SQL Injection in Form Maker by 10Web <= 1.15.38 versions.

7.1

CVE-2018-25346

Exploit
  • EPSS 0.2%
  • Veröffentlicht 23.05.2026 18:30:48
  • Zuletzt bearbeitet 26.05.2026 19:37:32

WordPress Form Maker Plugin 1.12.24 and below contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through the FormMakerSQLMapping and generete_csv actions. Attackers can submi...

7.5

CVE-2026-3359

  • EPSS 0.36%
  • Veröffentlicht 05.05.2026 09:16:03
  • Zuletzt bearbeitet 05.05.2026 19:08:20

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to SQL Injection via the 'inputs' parameter in versions up to, and including, 1.15.42 due to insufficient escaping on the user supplied para...

4.9

CVE-2026-3330

  • EPSS 0.43%
  • Veröffentlicht 17.04.2026 03:36:43
  • Zuletzt bearbeitet 22.04.2026 20:22:50

The Form Maker by 10Web plugin for WordPress is vulnerable to SQL Injection via the 'ip_search', 'startdate', 'enddate', 'username_search', and 'useremail_search' parameters in all versions up to, and including, 1.15.40. This is due to the `WDW_FM_Li...

7.2

CVE-2026-4388

  • EPSS 0.24%
  • Veröffentlicht 14.04.2026 02:25:48
  • Zuletzt bearbeitet 22.04.2026 20:23:16

The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Matrix field (Text Box input type) in form submissions in all versions up to, and including, 1.15.40. This is due to insufficient input sanitization (`s...

6.8

CVE-2025-15441

Exploit
  • EPSS 0.27%
  • Veröffentlicht 13.04.2026 06:00:11
  • Zuletzt bearbeitet 15.04.2026 15:05:47

The Form Maker by 10Web WordPress plugin before 1.15.38 does not properly prepare SQL queries when the "MySQL Mapping" feature is in use, which could make SQL Injection attacks possible in certain contexts.

7.2

CVE-2026-1065

  • EPSS 0.34%
  • Veröffentlicht 03.02.2026 07:16:11
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.15.35. This is due to the plugin's default file upload allowlist including SVG files combined with weak substring-based ...

7.1

CVE-2026-1058

  • EPSS 0.32%
  • Veröffentlicht 03.02.2026 07:16:11
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The Form Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via hidden field values in all versions up to, and including, 1.15.35. This is due to insufficient output escaping when displaying hidden field values in the admin submi...