cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-10562,https://securityvulnerability.io/vulnerability/CVE-2024-10562,Stored Cross-Site Scripting Vulnerability in Form Maker by 10Web for WordPress,"The Form Maker plugin by 10Web for WordPress, when used in versions earlier than 1.15.31, is susceptible to a stored cross-site scripting (XSS) vulnerability. This issue arises because certain plugin settings are not properly sanitized or escaped. As a result, users with high privileges, such as administrators, may inadvertently execute malicious scripts even in configurations where the 'unfiltered_html' capability is disabled, potentially exposing WordPress multisite setups to significant security risks.",Wordpress,Form Maker By 10web,,,0.0004299999854993075,false,,false,false,true,true,false,false,2025-01-07T06:00:03.350Z,0
CVE-2024-10265,https://securityvulnerability.io/vulnerability/CVE-2024-10265,Unauthenticated Attackers Can Trick Users into Injecting Arbitrary Scripts: The Form Maker by 10Web Plugin Vulnerability,"The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.15.30. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",Wordpress,Form Maker By 10web – Mobile-friendly Drag & Drop Contact Form Builder,6.1,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-11-10T12:30:34.046Z,0
CVE-2024-8633,https://securityvulnerability.io/vulnerability/CVE-2024-8633,Stored Cross-Site Scripting Vulnerability in The Form Maker,"The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.15.27 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Form Maker By 10web – Mobile-friendly Drag & Drop Contact Form Builder,4.8,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-09-26T11:32:38.668Z,0
CVE-2024-6130,https://securityvulnerability.io/vulnerability/CVE-2024-6130,Unfiltered HTML Setting Vulnerability in The Form Maker WordPress Plugin Allows Stored Cross-Site Scripting Attacks,"The Form Maker by 10Web  WordPress plugin before 1.15.26 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)",Wordpress,Form Maker By 10web,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-07-01T06:00:01.641Z,0
CVE-2024-2258,https://securityvulnerability.io/vulnerability/CVE-2024-2258,Stored Cross-Site Scripting Vulnerability in The Form Maker for WordPress,"The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name autofilled into forms in all versions up to, and including, 1.15.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Form Maker By 10web – Mobile-friendly Drag & Drop Contact Form Builder,4.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-04-27T03:33:35.216Z,0
CVE-2024-2112,https://securityvulnerability.io/vulnerability/CVE-2024-2112,Sensitive Information Exposure in Form Maker Plugin for WordPress by 10Web,"The Form Maker plugin by 10Web for WordPress is susceptible to a vulnerability that allows unauthenticated attackers to gain access to sensitive information through the signature functionality. This exposure enables attackers to extract critical user data, including signatures, from all versions of the plugin up to and including 1.15.22. It is important for users of the plugin to update to the latest version to mitigate this issue and protect their sensitive data.",Wordpress,Form Maker By 10web – Mobile-friendly Drag & Drop Contact Form Builder,5.9,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-04-09T18:58:49.733Z,0
CVE-2024-0667,https://securityvulnerability.io/vulnerability/CVE-2024-0667,Cross-Site Request Forgery Vulnerability in Form Maker by 10Web for WordPress,"The Form Maker by 10Web plugin for WordPress is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability. This flaw is rooted in the absence of proper nonce validation within the 'execute' function, allowing unauthenticated attackers to execute arbitrary methods within the 'BoosterController' class. Attackers could exploit this vulnerability by tricking an administrator into clicking a malicious link, potentially compromising the site's functionality and security.",Wordpress,Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder,6.3,MEDIUM,0.0006500000017695129,false,,false,false,false,,false,false,2024-01-27T03:32:46.380Z,0
CVE-2023-4666,https://securityvulnerability.io/vulnerability/CVE-2023-4666,Form-Maker < 1.15.20 - Unauthenticated Arbitrary File Upload,"The Form Maker by 10Web plugin for WordPress prior to version 1.15.20 contains a security flaw due to the lack of proper validation of user input when generating signatures on the server. This weakness allows unauthenticated attackers to craft arbitrary files, which could potentially lead to remote code execution. It is crucial for users to update to the latest version to mitigate this risk.",Wordpress,Form Maker by 10Web,9.8,CRITICAL,0.0052200001664459705,false,,false,false,false,,false,false,2023-10-16T20:15:00.000Z,0
CVE-2022-3300,https://securityvulnerability.io/vulnerability/CVE-2022-3300,Form Maker by 10Web < 1.15.6 - Admin+ SQLI,"The Form Maker by 10Web WordPress plugin before 1.15.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin",Wordpress,Form Maker By 10web – Mobile-friendly Drag & Drop Contact Form Builder,7.2,HIGH,0.0014199999859556556,false,,false,false,false,,false,false,2022-10-25T00:00:00.000Z,0
CVE-2022-1564,https://securityvulnerability.io/vulnerability/CVE-2022-1564,Form Maker By 10Web < 1.14.12 - Admin+ Stored Cross-Site Scripting,"The Form Maker by 10Web WordPress plugin before 1.14.12 does not sanitize and escape the Custom Text settings, which could allow high privilege user such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed",Wordpress,Form Maker By 10web – Mobile-friendly Drag & Drop Contact Form Builder,4.8,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2022-05-30T08:35:57.000Z,0
CVE-2021-24526,https://securityvulnerability.io/vulnerability/CVE-2021-24526,Form Maker < 1.13.60 - Authenticated Stored XSS,"The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder WordPress plugin before 1.13.60 does not escape its Form Title before outputting it in an attribute when editing a form in the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue",Wordpress,Form Maker By 10web – Mobile-friendly Drag & Drop Contact Form Builder,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2021-08-16T10:48:26.000Z,0