10web

Form Maker

26 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.9

CVE-2025-48341

  • EPSS 0.06%
  • Veröffentlicht 19.05.2025 14:55:22
  • Zuletzt bearbeitet 21.05.2025 20:25:33

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 10Web Form Maker by 10Web allows Stored XSS. This issue affects Form Maker by 10Web: from n/a through 1.15.33.

4.8

CVE-2024-13053

Exploit
  • EPSS 0.06%
  • Veröffentlicht 15.05.2025 20:15:38
  • Zuletzt bearbeitet 09.06.2025 20:06:12

The Form Maker by 10Web WordPress plugin before 1.15.33 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability i...

4.8

CVE-2024-10680

Exploit
  • EPSS 0.03%
  • Veröffentlicht 16.04.2025 06:00:09
  • Zuletzt bearbeitet 23.04.2025 16:21:14

The Form Maker by 10Web WordPress plugin before 1.15.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability i...

3.5

CVE-2024-10560

Exploit
  • EPSS 0.03%
  • Veröffentlicht 25.03.2025 06:00:06
  • Zuletzt bearbeitet 03.04.2025 17:37:24

The Form Maker by 10Web WordPress plugin before 1.15.30 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability i...

3.5

CVE-2024-10558

Exploit
  • EPSS 0.04%
  • Veröffentlicht 24.03.2025 06:00:05
  • Zuletzt bearbeitet 13.05.2025 13:29:16

The Form Maker by 10Web WordPress plugin before 1.15.30 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability i...

4.8

CVE-2024-13605

Exploit
  • EPSS 0.02%
  • Veröffentlicht 24.02.2025 06:15:11
  • Zuletzt bearbeitet 07.05.2025 17:28:44

The Form Maker by 10Web WordPress plugin before 1.15.33 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability i...

2.7

CVE-2024-10562

Exploit
  • EPSS 0.19%
  • Veröffentlicht 07.01.2025 06:15:14
  • Zuletzt bearbeitet 08.05.2025 19:47:05

The Form Maker by 10Web WordPress plugin before 1.15.31 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability i...

6.4

CVE-2024-5020

  • EPSS 0.21%
  • Veröffentlicht 04.12.2024 09:15:04
  • Zuletzt bearbeitet 04.12.2024 09:15:04

Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library (versions 1.3.4 to 3.5.7) in various versions due to insufficient input sanitization and output escaping on user supplie...

6.1

CVE-2024-10265

  • EPSS 0.94%
  • Veröffentlicht 10.11.2024 13:15:03
  • Zuletzt bearbeitet 14.11.2024 15:17:47

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and includi...

4.8

CVE-2024-8633

  • EPSS 0.15%
  • Veröffentlicht 26.09.2024 12:15:04
  • Zuletzt bearbeitet 01.10.2024 14:17:43

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.15.27 due to insufficient input sanitization and output escaping. Thi...