Approved changes feed: RSS · Atom

cpe:2.3:a:10web:form_maker:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor10Web (a48aaa7e-f686-5cd9-9b59-60b5c3bf60d0)
ProductForm Maker (a03db78f-bb71-5168-9182-28644ee01cb7)
Edition*
Language*
Software edition*
Target softwarewordpress
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2024-8633 vulnerable 2026-06-08 07:00:25.304277 Form Maker <= 1.15.27 - Authenticated (Administrator+) Stored Cross-Site Scripting
MEDIUM (5.5)
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.15.27 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-09-26T11:32:38.668Z
Updated: 2026-04-08T16:43:39.596Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-6130 vulnerable 2026-06-08 06:58:17.905533 Form Maker by 10Web < 1.15.26 - Admin+ Stored XSS
The Form Maker by 10Web WordPress plugin before 1.15.26 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Published: 2024-07-01T06:00:01.641Z
Updated: 2024-10-30T13:27:15.649Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-43220 vulnerable 2026-06-08 06:45:49.889886 WordPress Form Maker by 10Web plugin <= 1.15.26 - Reflected Cross Site Scripting (XSS) vulnerability
HIGH (7.1)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in 10Web Form Builder Team Form Maker by 10Web allows Reflected XSS.This issue affects Form Maker by 10Web: from n/a through 1.15.26.
Published: 2024-08-12T21:22:38.130Z
Updated: 2026-04-28T16:10:09.881Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-34437 vulnerable 2026-06-08 06:37:33.294564 WordPress Form Maker by 10Web plugin <= 1.15.24 - Cross Site Scripting (XSS) vulnerability
MEDIUM (5.9)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 10Web Form Builder Team Form Maker by 10Web allows Stored XSS.This issue affects Form Maker by 10Web: from n/a through 1.15.24.
Published: 2024-05-09T11:03:03.215Z
Updated: 2026-04-28T16:09:48.781Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-32534 vulnerable 2026-06-08 06:37:23.097768 WordPress Form Maker plugin <= 1.15.23 - Cross Site Scripting (XSS) vulnerability
MEDIUM (5.9)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 10Web Form Builder Team Form Maker by 10Web allows Stored XSS.This issue affects Form Maker by 10Web: from n/a through 1.15.23.
Published: 2024-04-17T08:44:16.095Z
Updated: 2026-04-28T16:09:36.603Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-2258 vulnerable 2026-06-08 06:33:30.719673 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-2112 vulnerable 2026-06-08 06:33:30.366090 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-13605 vulnerable 2026-06-08 06:25:38.036498 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-13053 vulnerable 2026-06-08 06:25:36.602768 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-10680 vulnerable 2026-06-08 06:23:47.255566 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-10562 vulnerable 2026-06-08 06:23:46.957341 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-10560 vulnerable 2026-06-08 06:23:46.956234 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-10558 vulnerable 2026-06-08 06:23:46.952912 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-10265 vulnerable 2026-06-08 06:22:03.877762 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-0667 vulnerable 2026-06-08 06:22:01.680175 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-4666 vulnerable 2026-06-08 06:16:14.088713 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-48290 vulnerable 2026-06-08 06:14:26.824423 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-45071 vulnerable 2026-06-08 06:12:41.791134 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-45070 vulnerable 2026-06-08 06:12:41.790455 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-3300 vulnerable 2026-06-08 05:47:20.272285 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-1564 vulnerable 2026-06-08 05:39:13.463940 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-24526 vulnerable 2026-06-08 05:30:04.525558 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-11590 vulnerable 2026-06-08 05:12:37.695502 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-10866 vulnerable 2026-06-08 05:12:25.354865 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2018-25346 vulnerable 2026-06-08 05:11:29.823770 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.