Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder

Information

Software Type Plugin
Software Slug form-maker (view on wordpress.org)
Software Status Active
Software Author 10web
Software Website 10web.io
Software Downloads 4,878,488
Software Active Installs 50,000
Software Record Last Updated December 24, 2024

Showing 1-20 of 23 Vulnerabilities

4.3
CVE ID Unknown
Jun 14, 2023
Researchers:
7.2
CVE ID Unknown
May 26, 2020
Researcher: Vu Tien Hoa
Title Status CVE ID CVSS Researchers Date
Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library Patched CVE-2024-5020 6.4 Webbernaut December 3, 2024
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.30 - Reflected Cross-Site Scripting via add_query_arg Parameter Patched CVE-2024-10265 6.1 vgo0 November 10, 2024
Form Maker <= 1.15.27 - Authenticated (Administrator+) Stored Cross-Site Scripting Patched CVE-2024-8633 5.5 Joel Indra September 25, 2024
Form Maker by 10Web <= 1.15.26 - Reflected Cross-Site Scripting Patched CVE-2024-43220 6.1 Le Ngoc Anh August 9, 2024
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.25 - Authenticated (Admin+) Stored Cross-Site Scripting Patched CVE-2024-6130 4.4 Dmitrii Ignatyev June 10, 2024
Form Maker by 10Web <= 1.15.24 - Authenticated (Administrator+) Stored Cross-Site Scripting Patched CVE-2024-34437 4.4 Huynh Tien Si May 7, 2024
Form Maker by 10Web <= 1.15.24 - Authenticated (Subscriber+) Stored Self-Based Cross-Site Scripting Patched CVE-2024-2258 4.4 stealthcopter April 26, 2024
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.23 - Authenticated (Admin+) Stored Cross-Site Scripting Patched CVE-2024-32534 4.4 Joel Indra April 15, 2024
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.22 - Sensitive Information Exposure Patched CVE-2024-2112 5.9 Tim Coen March 22, 2024
Form-Maker (twb_form-maker) <= 1.15.21 - Cross-Site Request Forgery to Limited Code Execution via Execute Patched CVE-2024-0667 5.4 SudoBash January 26, 2024
Form Maker <= 1.15.20 - Captcha Bypass Patched CVE-2023-48290 5.3 qilin_99 October 11, 2023
Form Maker by 10Web <= 1.15.18 - Reflected Cross-Site Scripting Patched CVE-2023-45070 6.1 RE-ALTER October 3, 2023
Form Maker by 10Web <= 1.15.18 - Unauthenticated Stored Cross-Site Scripting Patched CVE-2023-45071 7.2 RE-ALTER October 3, 2023
Form Maker by 10Web <= 1.15.19 - Unauthenticated Arbitrary File Upload Patched CVE-2023-4666 9.8 dc11 September 7, 2023
Form Maker <= 1.15.16 - Missing Authorization in check_score Patched 4.3 June 14, 2023
Form Maker <= 1.15.5 - Authenticated (Administrator+) SQL Injection Patched CVE-2022-3300 7.2 Nguyen Duy Quoc Khanh September 29, 2022
Form Maker <= 1.14.11 - Stored Cross-Site Scripting Patched CVE-2022-1564 5.5 Abhinav Porwal, Hitesh Kumar May 9, 2022
Form Maker <= 1.13.59 - Authenticated Stored Cross-Site Scripting Patched CVE-2021-24526 5.4 Felipe Restrepo Rodriguez (pfelilpe) July 15, 2021
Form Maker by 10Web < 1.13.40 - Reflected Cross-Site Scripting Patched 6.1 Andy Tyler July 12, 2020
Form Maker by 10Web <= 1.13.35 - SQL Injection Patched 7.2 Vu Tien Hoa May 26, 2020

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation