Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder

Information

Software Type Plugin
Software Slug form-maker (view on wordpress.org)
Software Status Active
Software Author 10web
Software Website 10web.io
Software Downloads 4,738,606
Software Active Installs 50,000
Software Record Last Updated May 19, 2024

18 Vulnerabilities

Form Maker by 10Web <= 1.12.21 - CSV Injection
7.8
CVE-2018-10504
Apr 27, 2018
Researcher: Jetty Sairam
Form Maker by 10Web <= 1.13.4 - Cross-Site Request Forgery to Local File Inclusion
8.1
CVE-2019-11590
Apr 5, 2019
Researcher: p4n
Form Maker by 10Web <= 1.13.2 - Authenticated SQL Injection
8.8
CVE-2019-10866
May 10, 2019
Researcher: Daniele Scanu
Form Maker by 10Web <= 1.13.35 - SQL Injection
7.2
CVE ID Unknown
May 26, 2020
Researcher: Vu Tien Hoa
Form Maker by 10Web < 1.13.40 - Reflected Cross-Site Scripting
6.1
CVE ID Unknown
Jul 12, 2020
Researcher: Andy Tyler
Form Maker <= 1.13.59 - Authenticated Stored Cross-Site Scripting
5.4
CVE-2021-24526
Jul 15, 2021
Researcher: Felipe Restrepo Rodriguez (pfelilpe)
Form Maker <= 1.14.11 - Stored Cross-Site Scripting
5.5
CVE-2022-1564
May 9, 2022
Researchers: Abhinav Porwal, Hitesh Kumar
Form Maker <= 1.15.5 - Authenticated (Administrator+) SQL Injection
7.2
CVE-2022-3300
Sep 29, 2022
Researcher: Nguyen Duy Quoc Khanh
Form Maker <= 1.15.16 - Missing Authorization in check_score
4.3
CVE ID Unknown
Jun 14, 2023
Researchers:
Form Maker by 10Web <= 1.15.19 - Unauthenticated Arbitrary File Upload
9.8
CVE-2023-4666
Sep 7, 2023
Researcher: dc11
Form Maker by 10Web <= 1.15.18 - Unauthenticated Stored Cross-Site Scripting
7.2
CVE-2023-45071
Oct 3, 2023
Researcher: Vladislav Pokrovsky (ΞX.MI)
Form Maker by 10Web <= 1.15.18 - Reflected Cross-Site Scripting
6.1
CVE-2023-45070
Oct 3, 2023
Researcher: Vladislav Pokrovsky (ΞX.MI)
Form Maker <= 1.15.20 - Captcha Bypass
5.3
CVE-2023-48290
Oct 11, 2023
Researcher: qilin_99
Form-Maker (twb_form-maker) <= 1.15.21 - Cross-Site Request Forgery to Limited Code Execution via Execute
5.4
CVE-2024-0667
Jan 26, 2024
Researcher: SudoBash
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.22 - Sensitive Information Exposure
5.9
CVE-2024-2112
Mar 22, 2024
Researcher: Tim Coen
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.23 - Authenticated (Admin+) Stored Cross-Site Scripting
4.4
CVE-2024-32534
Apr 15, 2024
Researcher: Joel Indra
Form Maker by 10Web <= 1.15.24 - Authenticated (Subscriber+) Stored Self-Based Cross-Site Scripting
4.4
CVE-2024-2258
Apr 26, 2024
Researcher: stealthcopter
Form Maker by 10Web <= 1.15.24 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2024-34437
May 7, 2024
Researcher: Huynh Tien Si
Title Status CVE ID CVSS Researchers Date
Form Maker by 10Web <= 1.12.21 - CSV Injection Patched CVE-2018-10504 7.8 Jetty Sairam April 27, 2018
Form Maker by 10Web <= 1.13.4 - Cross-Site Request Forgery to Local File Inclusion Patched CVE-2019-11590 8.1 p4n April 5, 2019
Form Maker by 10Web <= 1.13.2 - Authenticated SQL Injection Patched CVE-2019-10866 8.8 Daniele Scanu May 10, 2019
Form Maker by 10Web <= 1.13.35 - SQL Injection Patched 7.2 Vu Tien Hoa May 26, 2020
Form Maker by 10Web < 1.13.40 - Reflected Cross-Site Scripting Patched 6.1 Andy Tyler July 12, 2020
Form Maker <= 1.13.59 - Authenticated Stored Cross-Site Scripting Patched CVE-2021-24526 5.4 Felipe Restrepo Rodriguez (pfelilpe) July 15, 2021
Form Maker <= 1.14.11 - Stored Cross-Site Scripting Patched CVE-2022-1564 5.5 Abhinav Porwal, Hitesh Kumar May 9, 2022
Form Maker <= 1.15.5 - Authenticated (Administrator+) SQL Injection Patched CVE-2022-3300 7.2 Nguyen Duy Quoc Khanh September 29, 2022
Form Maker <= 1.15.16 - Missing Authorization in check_score Patched 4.3 June 14, 2023
Form Maker by 10Web <= 1.15.19 - Unauthenticated Arbitrary File Upload Patched CVE-2023-4666 9.8 dc11 September 7, 2023
Form Maker by 10Web <= 1.15.18 - Unauthenticated Stored Cross-Site Scripting Patched CVE-2023-45071 7.2 Vladislav Pokrovsky (ΞX.MI) October 3, 2023
Form Maker by 10Web <= 1.15.18 - Reflected Cross-Site Scripting Patched CVE-2023-45070 6.1 Vladislav Pokrovsky (ΞX.MI) October 3, 2023
Form Maker <= 1.15.20 - Captcha Bypass Patched CVE-2023-48290 5.3 qilin_99 October 11, 2023
Form-Maker (twb_form-maker) <= 1.15.21 - Cross-Site Request Forgery to Limited Code Execution via Execute Patched CVE-2024-0667 5.4 SudoBash January 26, 2024
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.22 - Sensitive Information Exposure Patched CVE-2024-2112 5.9 Tim Coen March 22, 2024
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.23 - Authenticated (Admin+) Stored Cross-Site Scripting Patched CVE-2024-32534 4.4 Joel Indra April 15, 2024
Form Maker by 10Web <= 1.15.24 - Authenticated (Subscriber+) Stored Self-Based Cross-Site Scripting Patched CVE-2024-2258 4.4 stealthcopter April 26, 2024
Form Maker by 10Web <= 1.15.24 - Authenticated (Administrator+) Stored Cross-Site Scripting Patched CVE-2024-34437 4.4 Huynh Tien Si May 7, 2024

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation