cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-10265,https://securityvulnerability.io/vulnerability/CVE-2024-10265,Unauthenticated Attackers Can Trick Users into Injecting Arbitrary Scripts: The Form Maker by 10Web Plugin Vulnerability,"The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.15.30. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",Wordpress,Form Maker By 10web – Mobile-friendly Drag & Drop Contact Form Builder,6.1,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-11-10T12:30:34.046Z,0
CVE-2024-8633,https://securityvulnerability.io/vulnerability/CVE-2024-8633,Stored Cross-Site Scripting Vulnerability in The Form Maker,"The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.15.27 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Form Maker By 10web – Mobile-friendly Drag & Drop Contact Form Builder,4.8,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-09-26T11:32:38.668Z,0
CVE-2024-2258,https://securityvulnerability.io/vulnerability/CVE-2024-2258,Stored Cross-Site Scripting Vulnerability in The Form Maker for WordPress,"The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name autofilled into forms in all versions up to, and including, 1.15.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Form Maker By 10web – Mobile-friendly Drag & Drop Contact Form Builder,4.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-04-27T03:33:35.216Z,0
CVE-2024-2112,https://securityvulnerability.io/vulnerability/CVE-2024-2112,Sensitive Information Exposure in Form Maker Plugin for WordPress by 10Web,"The Form Maker plugin by 10Web for WordPress is susceptible to a vulnerability that allows unauthenticated attackers to gain access to sensitive information through the signature functionality. This exposure enables attackers to extract critical user data, including signatures, from all versions of the plugin up to and including 1.15.22. It is important for users of the plugin to update to the latest version to mitigate this issue and protect their sensitive data.",Wordpress,Form Maker By 10web – Mobile-friendly Drag & Drop Contact Form Builder,5.9,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-04-09T18:58:49.733Z,0
CVE-2024-0667,https://securityvulnerability.io/vulnerability/CVE-2024-0667,Cross-Site Request Forgery Vulnerability in Form Maker by 10Web for WordPress,"The Form Maker by 10Web plugin for WordPress is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability. This flaw is rooted in the absence of proper nonce validation within the 'execute' function, allowing unauthenticated attackers to execute arbitrary methods within the 'BoosterController' class. Attackers could exploit this vulnerability by tricking an administrator into clicking a malicious link, potentially compromising the site's functionality and security.",Wordpress,Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder,6.3,MEDIUM,0.0006500000017695129,false,,false,false,false,,false,false,2024-01-27T03:32:46.380Z,0
CVE-2022-3300,https://securityvulnerability.io/vulnerability/CVE-2022-3300,Form Maker by 10Web < 1.15.6 - Admin+ SQLI,"The Form Maker by 10Web WordPress plugin before 1.15.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin",Wordpress,Form Maker By 10web – Mobile-friendly Drag & Drop Contact Form Builder,7.2,HIGH,0.0014199999859556556,false,,false,false,false,,false,false,2022-10-25T00:00:00.000Z,0
CVE-2022-1564,https://securityvulnerability.io/vulnerability/CVE-2022-1564,Form Maker By 10Web < 1.14.12 - Admin+ Stored Cross-Site Scripting,"The Form Maker by 10Web WordPress plugin before 1.14.12 does not sanitize and escape the Custom Text settings, which could allow high privilege user such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed",Wordpress,Form Maker By 10web – Mobile-friendly Drag & Drop Contact Form Builder,4.8,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2022-05-30T08:35:57.000Z,0
CVE-2021-24526,https://securityvulnerability.io/vulnerability/CVE-2021-24526,Form Maker < 1.13.60 - Authenticated Stored XSS,"The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder WordPress plugin before 1.13.60 does not escape its Form Title before outputting it in an attribute when editing a form in the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue",Wordpress,Form Maker By 10web – Mobile-friendly Drag & Drop Contact Form Builder,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2021-08-16T10:48:26.000Z,0