Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder

Information

Software Type Plugin
Software Slug form-maker (view on wordpress.org)
Software Status Active
Software Author 10web
Software Website 10web.io
Software Downloads 4,617,245
Software Active Installs 60,000
Software Record Last Updated September 29, 2023

10 vulnerabilities

Form Maker by 10Web <= 1.15.19 - Unauthenticated Arbitrary File Upload
9.8
CVE-2023-4666
Sep 7, 2023
Researcher: dc11
Form Maker <= 1.15.16 - Missing Authorization in check_score
4.3
CVE ID Unknown
Jun 14, 2023
Researchers:
Form Maker <= 1.15.5 - Authenticated (Administrator+) SQL Injection
7.2
CVE-2022-3300
Sep 29, 2022
Researcher: Nguyen Duy Quoc Khanh
Form Maker <= 1.14.11 - Stored Cross-Site Scripting
5.5
CVE-2022-1564
May 9, 2022
Researchers: Abhinav Porwal, Hitesh Kumar
Form Maker <= 1.13.59 - Authenticated Stored Cross-Site Scripting
5.4
CVE-2021-24526
Jul 15, 2021
Researcher: Felipe Restrepo Rodriguez
Form Maker by 10Web < 1.13.40 - Reflected Cross-Site Scripting
6.1
CVE ID Unknown
Jul 12, 2020
Researcher: Andy Tyler
Form Maker by 10Web <= 1.13.35 - SQL Injection
7.2
CVE ID Unknown
May 26, 2020
Researcher: Vu Tien Hoa
Form Maker by 10Web <= 1.13.2 - Authenticated SQL Injection
8.8
CVE-2019-10866
May 10, 2019
Researcher: Daniele Scanu
Form Maker by 10Web <= 1.13.4 - Cross-Site Request Forgery to Local File Inclusion
8.1
CVE-2019-11590
Apr 5, 2019
Researcher: p4n
Form Maker by 10Web <= 1.12.21 - CSV Injection
7.8
CVE-2018-10504
Apr 27, 2018
Researcher: Jetty Sairam
Title CVE ID CVSS Researchers Date
Form Maker by 10Web <= 1.15.19 - Unauthenticated Arbitrary File Upload CVE-2023-4666 9.8 dc11 September 7, 2023
Form Maker <= 1.15.16 - Missing Authorization in check_score 4.3 June 14, 2023
Form Maker <= 1.15.5 - Authenticated (Administrator+) SQL Injection CVE-2022-3300 7.2 Nguyen Duy Quoc Khanh September 29, 2022
Form Maker <= 1.14.11 - Stored Cross-Site Scripting CVE-2022-1564 5.5 Abhinav Porwal, Hitesh Kumar May 9, 2022
Form Maker <= 1.13.59 - Authenticated Stored Cross-Site Scripting CVE-2021-24526 5.4 Felipe Restrepo Rodriguez July 15, 2021
Form Maker by 10Web < 1.13.40 - Reflected Cross-Site Scripting 6.1 Andy Tyler July 12, 2020
Form Maker by 10Web <= 1.13.35 - SQL Injection 7.2 Vu Tien Hoa May 26, 2020
Form Maker by 10Web <= 1.13.2 - Authenticated SQL Injection CVE-2019-10866 8.8 Daniele Scanu May 10, 2019
Form Maker by 10Web <= 1.13.4 - Cross-Site Request Forgery to Local File Inclusion CVE-2019-11590 8.1 p4n April 5, 2019
Form Maker by 10Web <= 1.12.21 - CSV Injection CVE-2018-10504 7.8 Jetty Sairam April 27, 2018

All the threat data shared in this database is powered by Wordfence Intelligence Enterprise.
Interested in integrating this data into your platform or network?
Contact us now to discuss API access to our Wordfence Intelligence Enterprise Data Feeds.

Inquire Now

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation