10web

Form Maker

31 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.8

CVE-2024-32534

  • EPSS 0.13%
  • Veröffentlicht 17.04.2024 09:15:08
  • Zuletzt bearbeitet 06.03.2025 15:00:11

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 10Web Form Builder Team Form Maker by 10Web allows Stored XSS.This issue affects Form Maker by 10Web: from n/a through 1.15.23.

7.5

CVE-2024-2112

  • EPSS 0.97%
  • Veröffentlicht 09.04.2024 19:15:28
  • Zuletzt bearbeitet 08.04.2026 18:20:59

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.15.22 via the signature functionality. This makes it possible for ...

6.3

CVE-2024-0667

  • EPSS 0.05%
  • Veröffentlicht 27.01.2024 04:15:08
  • Zuletzt bearbeitet 08.04.2026 19:19:14

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.15.21. This is due to missing or incorrect nonce validation on the 'ex...

6.1

CVE-2023-45071

  • EPSS 0.08%
  • Veröffentlicht 18.10.2023 13:15:09
  • Zuletzt bearbeitet 21.11.2024 08:26:19

Unauth. Stored Cross-Site Scripting (XSS) vulnerability in 10Web Form Builder Team Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin <= 1.15.18 versions.

6.1

CVE-2023-45070

  • EPSS 0.08%
  • Veröffentlicht 18.10.2023 13:15:09
  • Zuletzt bearbeitet 21.11.2024 08:26:19

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 10Web Form Builder Team Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin <= 1.15.18 versions.

9.8

CVE-2023-4666

Exploit
  • EPSS 75.68%
  • Veröffentlicht 16.10.2023 20:15:15
  • Zuletzt bearbeitet 23.04.2025 17:16:45

The Form Maker by 10Web WordPress plugin before 1.15.20 does not validate signatures when creating them on the server from user input, allowing unauthenticated users to create arbitrary files and lead to RCE

7.2

CVE-2022-3300

Exploit
  • EPSS 0.81%
  • Veröffentlicht 25.10.2022 17:15:56
  • Zuletzt bearbeitet 09.05.2025 19:15:55

The Form Maker by 10Web WordPress plugin before 1.15.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin

4.8

CVE-2022-1564

Exploit
  • EPSS 0.21%
  • Veröffentlicht 30.05.2022 09:15:09
  • Zuletzt bearbeitet 21.11.2024 06:40:58

The Form Maker by 10Web WordPress plugin before 1.14.12 does not sanitize and escape the Custom Text settings, which could allow high privilege user such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

5.4

CVE-2021-24526

Exploit
  • EPSS 0.37%
  • Veröffentlicht 16.08.2021 11:15:08
  • Zuletzt bearbeitet 21.11.2024 05:53:14

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder WordPress plugin before 1.13.60 does not escape its Form Title before outputting it in an attribute when editing a form in the admin dashboard, leading to an authenticated Sto...

9.8

CVE-2019-10866

Exploit
  • EPSS 13.94%
  • Veröffentlicht 23.05.2019 19:29:01
  • Zuletzt bearbeitet 21.11.2024 04:20:00

In the Form Maker plugin before 1.13.3 for WordPress, it's possible to achieve SQL injection in the function get_labels_parameters in the file form-maker/admin/models/Submissions_fm.php with a crafted value of the /models/Submissioc parameter.