10web

Form Maker

26 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.9

CVE-2025-48341

  • EPSS 0.06%
  • Published 19.05.2025 14:55:22
  • Last modified 21.05.2025 20:25:33

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 10Web Form Maker by 10Web allows Stored XSS. This issue affects Form Maker by 10Web: from n/a through 1.15.33.

4.8

CVE-2024-13053

Exploit
  • EPSS 0.06%
  • Published 15.05.2025 20:15:38
  • Last modified 09.06.2025 20:06:12

The Form Maker by 10Web WordPress plugin before 1.15.33 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability i...

4.8

CVE-2024-10680

Exploit
  • EPSS 0.03%
  • Published 16.04.2025 06:00:09
  • Last modified 23.04.2025 16:21:14

The Form Maker by 10Web WordPress plugin before 1.15.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability i...

3.5

CVE-2024-10560

Exploit
  • EPSS 0.03%
  • Published 25.03.2025 06:00:06
  • Last modified 03.04.2025 17:37:24

The Form Maker by 10Web WordPress plugin before 1.15.30 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability i...

3.5

CVE-2024-10558

Exploit
  • EPSS 0.04%
  • Published 24.03.2025 06:00:05
  • Last modified 13.05.2025 13:29:16

The Form Maker by 10Web WordPress plugin before 1.15.30 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability i...

4.8

CVE-2024-13605

Exploit
  • EPSS 0.02%
  • Published 24.02.2025 06:15:11
  • Last modified 07.05.2025 17:28:44

The Form Maker by 10Web WordPress plugin before 1.15.33 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability i...

2.7

CVE-2024-10562

Exploit
  • EPSS 0.19%
  • Published 07.01.2025 06:15:14
  • Last modified 08.05.2025 19:47:05

The Form Maker by 10Web WordPress plugin before 1.15.31 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability i...

6.4

CVE-2024-5020

  • EPSS 0.21%
  • Published 04.12.2024 09:15:04
  • Last modified 04.12.2024 09:15:04

Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library (versions 1.3.4 to 3.5.7) in various versions due to insufficient input sanitization and output escaping on user supplie...

6.1

CVE-2024-10265

  • EPSS 0.94%
  • Published 10.11.2024 13:15:03
  • Last modified 14.11.2024 15:17:47

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and includi...

4.8

CVE-2024-8633

  • EPSS 0.15%
  • Published 26.09.2024 12:15:04
  • Last modified 01.10.2024 14:17:43

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.15.27 due to insufficient input sanitization and output escaping. Thi...