Vulnerabilities > 10Web > Form Maker > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-04-09 | CVE-2024-2112 | Unspecified vulnerability in 10Web Form Maker The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.15.22 via the signature functionality. | 7.5 |
2022-10-25 | CVE-2022-3300 | Unspecified vulnerability in 10Web Form Maker The Form Maker by 10Web WordPress plugin before 1.15.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin | 7.2 |
2019-04-29 | CVE-2019-11590 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in 10Web Form Maker The 10Web Form Maker plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized. | 8.8 |