Vulnerabilities > 10Web > Form Maker > 1.15.14

DATE CVE VULNERABILITY TITLE RISK
2024-01-27 CVE-2024-0667 Cross-Site Request Forgery (CSRF) vulnerability in 10Web Form Maker
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.15.21.
network
low complexity
10web CWE-352
6.3
6.3
2023-10-18 CVE-2023-45070 Cross-site Scripting vulnerability in 10Web Form Maker
Unauth.
network
low complexity
10web CWE-79
6.1
6.1
2023-10-18 CVE-2023-45071 Cross-site Scripting vulnerability in 10Web Form Maker
Unauth.
network
low complexity
10web CWE-79
6.1
6.1
2023-10-16 CVE-2023-4666 Unspecified vulnerability in 10Web Form Maker
The Form Maker by 10Web WordPress plugin before 1.15.20 does not validate signatures when creating them on the server from user input, allowing unauthenticated users to create arbitrary files and lead to RCE
network
low complexity
10web
critical
 9.8
9.8