10web Form_maker
24 CVEs affecting 10web Form_maker. Latest disclosed: 2025-05-15. Critical: 2, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-4666 | Critical | 9.8 | 2023-10-16 | The Form Maker by 10Web WordPress plugin before 1.15.20 does not validate signatures when creating them on the server from user input, allowing unauthenticated… |
CVE-2019-10866 | Critical | 9.8 | 2019-05-23 | In the Form Maker plugin before 1.13.3 for WordPress, it's possible to achieve SQL injection in the function get_labels_parameters in the file form-maker/admin… |
CVE-2019-11590 | High | 8.8 | 2019-04-29 | The 10Web Form Maker plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via d… |
CVE-2022-3300 | High | 7.2 | 2022-10-25 | The Form Maker by 10Web WordPress plugin before 1.15.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL i… |
CVE-2024-43220 | High | 7.1 | 2024-08-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in 10Web Form Builder Team Form Maker by 10Web allows… |
CVE-2023-45071 | High | 7.1 | 2023-10-18 | Unauth. Stored Cross-Site Scripting (XSS) vulnerability in 10Web Form Builder Team Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugi… |
CVE-2023-45070 | High | 7.1 | 2023-10-18 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 10Web Form Builder Team Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder pl… |
CVE-2024-10265 | Medium | 6.1 | 2024-11-10 | The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use… |
CVE-2024-34437 | Medium | 5.9 | 2024-05-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 10Web Form Builder Team Form Maker by 10Web allows Stored… |
CVE-2024-32534 | Medium | 5.9 | 2024-04-17 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 10Web Form Builder Team Form Maker by 10Web allows Stored… |
CVE-2024-2112 | Medium | 5.9 | 2024-04-09 | The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions… |
CVE-2024-8633 | Medium | 5.5 | 2024-09-26 | The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up… |
CVE-2024-0667 | Medium | 5.4 | 2024-01-27 | The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up… |
CVE-2021-24526 | Medium | 5.4 | 2021-08-16 | The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder WordPress plugin before 1.13.60 does not escape its Form Title before outputting it… |
CVE-2023-48290 | Medium | 5.3 | 2024-06-04 | Improper Restriction of Excessive Authentication Attempts vulnerability in 10Web Form Builder Team Form Maker by 10Web allows Functionality Bypass.This issue a… |
CVE-2024-13053 | Medium | 4.8 | 2025-05-15 | The Form Maker by 10Web WordPress plugin before 1.15.33 does not sanitise and escape some of its settings, which could allow high privilege users such as admi… |
CVE-2024-10680 | Medium | 4.8 | 2025-04-16 | The Form Maker by 10Web WordPress plugin before 1.15.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admi… |
CVE-2024-13605 | Medium | 4.8 | 2025-02-24 | The Form Maker by 10Web WordPress plugin before 1.15.33 does not sanitise and escape some of its settings, which could allow high privilege users such as admi… |
CVE-2024-6130 | Medium | 4.8 | 2024-07-01 | The Form Maker by 10Web WordPress plugin before 1.15.26 does not sanitise and escape some of its settings, which could allow high privilege users such as admi… |
CVE-2022-1564 | Medium | 4.8 | 2022-05-30 | The Form Maker by 10Web WordPress plugin before 1.14.12 does not sanitize and escape the Custom Text settings, which could allow high privilege user such as ad… |