Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder

Software Type	Plugin
Software Slug	form-maker (view on wordpress.org)
Software Status	Active
Software Author	10web
Software Website	10web.io
Software Downloads	4,732,939
Software Active Installs	50,000
Software Record Last Updated	April 27, 2024

17 Vulnerabilities

Form Maker by 10Web <= 1.15.24 - Authenticated (Subscriber+) Stored Self-Based Cross-Site Scripting

4.4

CVE-2024-2258

Apr 26, 2024

Researcher: stealthcopter

Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.23 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2024-32534

Apr 15, 2024

Researcher: Joel Indra

Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.22 - Sensitive Information Exposure

5.9

CVE-2024-2112

Mar 22, 2024

Researcher: Tim Coen

Form-Maker (twb_form-maker) <= 1.15.21 - Cross-Site Request Forgery to Limited Code Execution via Execute

5.4

CVE-2024-0667

Jan 26, 2024

Researcher: SudoBash

Form Maker <= 1.15.20 - Captcha Bypass

5.3

CVE-2023-48290

Oct 11, 2023

Researcher: qilin_99

Form Maker by 10Web <= 1.15.18 - Reflected Cross-Site Scripting

6.1

CVE-2023-45070

Oct 3, 2023

Researcher: Vladislav Pokrovsky (ΞX.MI)

Form Maker by 10Web <= 1.15.18 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2023-45071

Oct 3, 2023

Researcher: Vladislav Pokrovsky (ΞX.MI)

Form Maker by 10Web <= 1.15.19 - Unauthenticated Arbitrary File Upload

9.8

CVE-2023-4666

Sep 7, 2023

Researcher: dc11

Form Maker <= 1.15.16 - Missing Authorization in check_score

4.3

CVE ID Unknown

Jun 14, 2023

Researchers:

Form Maker <= 1.15.5 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2022-3300

Sep 29, 2022

Researcher: Nguyen Duy Quoc Khanh

Form Maker <= 1.14.11 - Stored Cross-Site Scripting

5.5

CVE-2022-1564

May 9, 2022

Researchers: Abhinav Porwal, Hitesh Kumar

Form Maker <= 1.13.59 - Authenticated Stored Cross-Site Scripting

5.4

CVE-2021-24526

Jul 15, 2021

Researcher: Felipe Restrepo Rodriguez (pfelilpe)

Form Maker by 10Web < 1.13.40 - Reflected Cross-Site Scripting

6.1

CVE ID Unknown

Jul 12, 2020

Researcher: Andy Tyler

Form Maker by 10Web <= 1.13.35 - SQL Injection

7.2

CVE ID Unknown

May 26, 2020

Researcher: Vu Tien Hoa

Form Maker by 10Web <= 1.13.2 - Authenticated SQL Injection

8.8

CVE-2019-10866

May 10, 2019

Researcher: Daniele Scanu

Form Maker by 10Web <= 1.13.4 - Cross-Site Request Forgery to Local File Inclusion

8.1

CVE-2019-11590

Apr 5, 2019

Researcher: p4n

Form Maker by 10Web <= 1.12.21 - CSV Injection

7.8

CVE-2018-10504

Apr 27, 2018

Researcher: Jetty Sairam

Title	CVE ID	CVSS	Researchers	Date
Form Maker by 10Web <= 1.15.24 - Authenticated (Subscriber+) Stored Self-Based Cross-Site Scripting	CVE-2024-2258	4.4	stealthcopter	April 26, 2024
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.23 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2024-32534	4.4	Joel Indra	April 15, 2024
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.22 - Sensitive Information Exposure	CVE-2024-2112	5.9	Tim Coen	March 22, 2024
Form-Maker (twb_form-maker) <= 1.15.21 - Cross-Site Request Forgery to Limited Code Execution via Execute	CVE-2024-0667	5.4	SudoBash	January 26, 2024
Form Maker <= 1.15.20 - Captcha Bypass	CVE-2023-48290	5.3	qilin_99	October 11, 2023
Form Maker by 10Web <= 1.15.18 - Reflected Cross-Site Scripting	CVE-2023-45070	6.1	Vladislav Pokrovsky (ΞX.MI)	October 3, 2023
Form Maker by 10Web <= 1.15.18 - Unauthenticated Stored Cross-Site Scripting	CVE-2023-45071	7.2	Vladislav Pokrovsky (ΞX.MI)	October 3, 2023
Form Maker by 10Web <= 1.15.19 - Unauthenticated Arbitrary File Upload	CVE-2023-4666	9.8	dc11	September 7, 2023
Form Maker <= 1.15.16 - Missing Authorization in check_score		4.3		June 14, 2023
Form Maker <= 1.15.5 - Authenticated (Administrator+) SQL Injection	CVE-2022-3300	7.2	Nguyen Duy Quoc Khanh	September 29, 2022
Form Maker <= 1.14.11 - Stored Cross-Site Scripting	CVE-2022-1564	5.5	Abhinav Porwal, Hitesh Kumar	May 9, 2022
Form Maker <= 1.13.59 - Authenticated Stored Cross-Site Scripting	CVE-2021-24526	5.4	Felipe Restrepo Rodriguez (pfelilpe)	July 15, 2021
Form Maker by 10Web < 1.13.40 - Reflected Cross-Site Scripting		6.1	Andy Tyler	July 12, 2020
Form Maker by 10Web <= 1.13.35 - SQL Injection		7.2	Vu Tien Hoa	May 26, 2020
Form Maker by 10Web <= 1.13.2 - Authenticated SQL Injection	CVE-2019-10866	8.8	Daniele Scanu	May 10, 2019
Form Maker by 10Web <= 1.13.4 - Cross-Site Request Forgery to Local File Inclusion	CVE-2019-11590	8.1	p4n	April 5, 2019
Form Maker by 10Web <= 1.12.21 - CSV Injection	CVE-2018-10504	7.8	Jetty Sairam	April 27, 2018

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation