Every CVE whose affected-product data names 10web Form Maker, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (24)
CVE-2019-10866 — CVSS 9.8 (critical): In the Form Maker plugin before 1.13.3 for WordPress, it's possible to achieve SQL injection in the function get_labels_parameters in the…
CVE-2023-4666 — CVSS 9.8 (critical): The Form Maker by 10Web WordPress plugin before 1.15.20 does not validate signatures when creating them on the server from user input…
CVE-2019-11590 — CVSS 8.8 (high): The 10Web Form Maker plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local…
CVE-2022-3300 — CVSS 7.2 (high): The Form Maker by 10Web WordPress plugin before 1.15.6 does not properly sanitise and escape a parameter before using it in a SQL…
CVE-2024-43220 — CVSS 7.1 (high): Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in 10Web Form Builder Team Form…
CVE-2023-45070 — CVSS 7.1 (high): Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 10Web Form Builder Team Form Maker by 10Web – Mobile-Friendly Drag & Drop…
CVE-2023-45071 — CVSS 7.1 (high): Unauth. Stored Cross-Site Scripting (XSS) vulnerability in 10Web Form Builder Team Form Maker by 10Web – Mobile-Friendly Drag & Drop…
CVE-2024-10265 — CVSS 6.1 (medium): The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Reflected Cross-Site…
CVE-2024-34437 — CVSS 5.9 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 10Web Form Builder Team Form Maker by…
CVE-2024-32534 — CVSS 5.9 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 10Web Form Builder Team Form Maker by…
CVE-2024-2112 — CVSS 5.9 (medium): The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Sensitive Information…
CVE-2024-8633 — CVSS 5.5 (medium): The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site…
CVE-2024-0667 — CVSS 5.4 (medium): The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request…
CVE-2021-24526 — CVSS 5.4 (medium): The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder WordPress plugin before 1.13.60 does not escape its Form Title…
CVE-2023-48290 — CVSS 5.3 (medium): Improper Restriction of Excessive Authentication Attempts vulnerability in 10Web Form Builder Team Form Maker by 10Web allows Functionality…
CVE-2024-13053 — CVSS 4.8 (medium): The Form Maker by 10Web WordPress plugin before 1.15.33 does not sanitise and escape some of its settings, which could allow high privilege…
CVE-2024-13605 — CVSS 4.8 (medium): The Form Maker by 10Web WordPress plugin before 1.15.33 does not sanitise and escape some of its settings, which could allow high privilege…
CVE-2024-6130 — CVSS 4.8 (medium): The Form Maker by 10Web WordPress plugin before 1.15.26 does not sanitise and escape some of its settings, which could allow high privilege…
CVE-2022-1564 — CVSS 4.8 (medium): The Form Maker by 10Web WordPress plugin before 1.14.12 does not sanitize and escape the Custom Text settings, which could allow high…
CVE-2024-10680 — CVSS 4.8 (medium): The Form Maker by 10Web WordPress plugin before 1.15.32 does not sanitise and escape some of its settings, which could allow high privilege…
CVE-2024-2258 — CVSS 4.4 (medium): The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site…
CVE-2024-10560 — CVSS 3.5 (low): The Form Maker by 10Web WordPress plugin before 1.15.30 does not sanitise and escape some of its settings, which could allow high privilege…
CVE-2024-10558 — CVSS 3.5 (low): The Form Maker by 10Web WordPress plugin before 1.15.30 does not sanitise and escape some of its settings, which could allow high privilege…
CVE-2024-10562 — CVSS 2.7 (low): The Form Maker by 10Web WordPress plugin before 1.15.31 does not sanitise and escape some of its settings, which could allow high privilege…