Vulnerabilities > 10Web > Form Maker > 1.15.23

DATE CVE VULNERABILITY TITLE RISK
2024-11-10 CVE-2024-10265 Cross-site Scripting vulnerability in 10Web Form Maker
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.15.30.
network
low complexity
10web CWE-79
6.1
6.1
2024-09-26 CVE-2024-8633 Cross-site Scripting vulnerability in 10Web Form Maker
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.15.27 due to insufficient input sanitization and output escaping.
network
low complexity
10web CWE-79
4.8
4.8