Vulnerabilities > 10Web > Form Maker > 1.15.25

DATE CVE VULNERABILITY TITLE RISK
2024-11-10 CVE-2024-10265 Cross-site Scripting vulnerability in 10Web Form Maker
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.15.30.
network
low complexity
10web CWE-79
6.1
6.1
2024-09-26 CVE-2024-8633 Cross-site Scripting vulnerability in 10Web Form Maker
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.15.27 due to insufficient input sanitization and output escaping.
network
low complexity
10web CWE-79
4.8
4.8
2024-08-12 CVE-2024-43220 Cross-site Scripting vulnerability in 10Web Form Maker
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in 10Web Form Builder Team Form Maker by 10Web allows Reflected XSS.This issue affects Form Maker by 10Web: from n/a through 1.15.26.
network
low complexity
10web CWE-79
6.1
6.1