Vulnerabilities > 10Web > Form Maker > High

DATE CVE VULNERABILITY TITLE RISK
2024-04-09 CVE-2024-2112 Unspecified vulnerability in 10Web Form Maker
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.15.22 via the signature functionality.
network
low complexity
10web
7.5
2022-10-25 CVE-2022-3300 Unspecified vulnerability in 10Web Form Maker
The Form Maker by 10Web WordPress plugin before 1.15.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin
network
low complexity
10web
7.2
2019-04-29 CVE-2019-11590 Inclusion of Functionality from Untrusted Control Sphere vulnerability in 10Web Form Maker
The 10Web Form Maker plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['action'] value, and the latter is unsanitized.
network
low complexity
10web CWE-829
8.8