http://hirataku.club - iThemes Security Site Scanner

WordPress Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin <= 1.15.42 - Unauthenticated SQL Injection vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: SQL Injection
Score:: 9.3

Fixed in Version 1.15.43

PatchStack

Details

CVE

2026-3359

Publicly Published: 2026-05-05
Created: 2026-05-05

WordPress Form Maker by 10Web plugin <= 1.15.40 - Authenticated (Administrator+) SQL Injection via 'ip_search' Parameter vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: SQL Injection
Score:: 7.6

Fixed in Version 1.15.41

PatchStack

Details

CVE

2026-3330

Publicly Published: 2026-04-17
Created: 2026-04-17

WordPress Form Maker by 10Web plugin <= 1.15.40 - Unauthenticated Stored Cross-Site Scripting via Matrix Field Text Box vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: Cross Site Scripting (XSS)
Score:: 7.1

Fixed in Version 1.15.41

PatchStack

Details

CVE

2026-4388

Publicly Published: 2026-04-16
Created: 2026-04-14

WordPress Form Maker plugin < 1.15.38 - SQL Injection vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: SQL Injection
Score:: 9.3

Fixed in Version 1.15.38

PatchStack

Details

CVE

2025-15441

Publicly Published: 2026-04-14
Created: 2026-04-14

WordPress Form Maker by 10Web plugin <= 1.15.38 - SQL Injection vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: SQL Injection
Score:: 9.3

Fixed in Version 1.15.39

PatchStack

Details

CVE

2026-39502

Publicly Published: 2026-04-08
Created: 2026-04-08

WordPress Form Maker by 10Web plugin <= 1.15.35 - Unauthenticated Stored Cross-Site Scripting via Hidden Field vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: Cross Site Scripting (XSS)
Score:: 7.1

Fixed in Version 1.15.36

PatchStack

Details

CVE

2026-1058

Publicly Published: 2026-02-06
Created: 2026-02-02

WordPress Form Maker by 10Web plugin <= 1.15.35 - Unauthenticated Stored Cross-Site Scripting via SVG file vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: Cross Site Scripting (XSS)
Score:: 7.1

Fixed in Version 1.15.36

PatchStack

Details

CVE

2026-1065

Publicly Published: 2026-02-06
Created: 2026-02-02

WordPress Form Maker by 10Web plugin < 1.15.31 - Admin+ Stored XSS vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: Cross Site Scripting (XSS)
Score:: 5.9

Fixed in Version 1.15.31

PatchStack

Details

CVE

2024-10562

Publicly Published: 2025-12-31
Created: 2025-12-31

WordPress Form Maker by 10Web plugin < 1.15.33 - Admin+ Stored XSS via Theme Title vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: Cross Site Scripting (XSS)
Score:: 5.9

Fixed in Version 1.15.33

PatchStack

Details

CVE

2024-13053

Publicly Published: 2025-05-27
Created: 2025-05-27

WordPress Form Maker by 10Web plugin <= 1.15.33 - Cross Site Scripting (XSS) Vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: Cross Site Scripting (XSS)
Score:: 5.9

Fixed in Version 1.15.34

PatchStack

Details

CVE

2025-48341

Publicly Published: 2025-05-19
Created: 2025-05-19

WordPress Form Maker by 10Web plugin < 1.15.32 - Admin+ Stored XSS vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: Cross Site Scripting (XSS)
Score:: 5.9

Fixed in Version 1.15.32

PatchStack

Details

CVE

2024-10680

Publicly Published: 2025-04-16
Created: 2025-04-16

WordPress Form Maker by 10Web plugin < 1.15.30 - Admin+ Stored XSS vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: Cross Site Scripting (XSS)
Score:: 5.9

Fixed in Version 1.15.30

PatchStack

Details

CVE

2024-10558

Publicly Published: 2025-03-24
Created: 2025-03-24

WordPress Form Maker by 10Web plugin < 1.15.33 - Admin+ Stored XSS vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: Cross Site Scripting (XSS)
Score:: 5.9

Fixed in Version 1.15.33

PatchStack

Details

CVE

2024-13605

Publicly Published: 2025-02-24
Created: 2025-02-24

WordPress Form Maker by 10Web plugin <= 1.15.27 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: Cross Site Scripting (XSS)
Score:: 6.5

Fixed in Version 1.15.28

PatchStack

Details

CVE

2024-5020

Publicly Published: 2024-12-03
Created: 2024-12-04

WordPress Form Maker by 10Web plugin <= 1.15.30 - Reflected Cross-Site Scripting via add_query_arg Parameter vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: Cross Site Scripting (XSS)
Score:: 7.1

Fixed in Version 1.15.31

PatchStack

Details

CVE

2024-10265

Publicly Published: 2024-11-11
Created: 2024-11-11

WordPress Form Maker plugin <= 1.15.27 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: Cross Site Scripting (XSS)
Score:: 5.9

Fixed in Version 1.15.28

PatchStack

Details

CVE

2024-8633

Publicly Published: 2024-09-26
Created: 2024-09-26

WordPress Form Maker by 10Web plugin <= 1.15.26 - Reflected Cross Site Scripting (XSS) vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: Cross Site Scripting (XSS)
Score:: 7.1

Fixed in Version 1.15.27

PatchStack

Details

CVE

2024-43220

Publicly Published: 2024-08-09
Created: 2024-08-09

WordPress Form Maker by 10Web plugin < 1.15.26 - Admin+ Stored XSS vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: Cross Site Scripting (XSS)
Score:: 5.9

Fixed in Version 1.15.26

PatchStack

Details

CVE

2024-6130

Publicly Published: 2024-07-01
Created: 2024-07-01

WordPress Form Maker by 10Web plugin <= 1.15.24 - Cross Site Scripting (XSS) vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: Cross Site Scripting (XSS)
Score:: 5.9

Fixed in Version 1.15.25

PatchStack

Details

CVE

2024-34437

Publicly Published: 2024-05-07
Created: 2024-05-07

WordPress Form Maker by 10Web plugin <= 1.15.24 - Authenticated (Subscriber+) Stored Self-Based Cross-Site Scripting vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: Cross Site Scripting (XSS)
Score:: 6.5

Fixed in Version 1.15.25

PatchStack

Details

CVE

2024-2258

Publicly Published: 2024-04-29
Created: 2024-04-29

WordPress Form Maker plugin <= 1.15.23 - Cross Site Scripting (XSS) vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: Cross Site Scripting (XSS)
Score:: 5.9

Fixed in Version 1.15.24

PatchStack

Details

CVE

2024-32534

Publicly Published: 2024-04-15
Created: 2024-04-15

WordPress Form Maker by 10Web plugin <= 1.15.22 - Sensitive Information Exposure vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: Sensitive Data Exposure
Score:: 5.9

Fixed in Version 1.15.23

PatchStack

Details

CVE

2024-2112

Publicly Published: 2024-03-25
Created: 2024-03-25

WordPress Form-Maker plugin <= 1.15.21 - Cross-Site Request Forgery to Limited Code Execution via Execute vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: Cross Site Request Forgery (CSRF)
Score:: 4.3

Fixed in Version 1.15.22

PatchStack

Details

CVE

2024-0667

Publicly Published: 2024-01-29
Created: 2024-01-29

WordPress Form Maker by 10Web plugin <= 1.15.20 - Captcha Bypass Vulnerability vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: Bypass Vulnerability
Score:: 5.3

Fixed in Version 1.15.21

PatchStack

Details

CVE

2023-48290

Publicly Published: 2023-11-23
Created: 2023-11-23

WordPress Form Maker by 10Web plugin <= 1.15.18 - Cross Site Scripting (XSS) vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: Cross Site Scripting (XSS)
Score:: 7.1

Fixed in Version 1.15.19

PatchStack

Details

CVE

2023-45071

Publicly Published: 2023-10-03
Created: 2023-10-03

WordPress Form Maker by 10Web plugin <= 1.15.18 - Reflected Cross Site Scripting (XSS) vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: Cross Site Scripting (XSS)
Score:: 7.1

Fixed in Version 1.15.19

PatchStack

Details

CVE

2023-45070

Publicly Published: 2023-10-03
Created: 2023-10-03

WordPress Form Maker by 10Web plugin <= 1.15.19 - Unauthenticated Arbitrary File Upload Vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: Arbitrary File Upload
Score:: 10

Fixed in Version 1.15.20

PatchStack

Details

Publicly Published: 2023-09-07
Created: 2023-09-07

WordPress Form Maker by 10Web plugin <= 1.15.5 - Authenticated SQL Injection (SQLi) vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: SQL Injection
Score:: 8.2

Fixed in Version 1.15.6

PatchStack

Details

CVE

2022-3300

Publicly Published: 2022-10-03
Created: 2022-10-03

WordPress Form Maker by 10Web plugin <= 1.14.11 - Stored Cross-Site Scripting (XSS) vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: Cross Site Scripting (XSS)
Score:: 4.8

Fixed in Version 1.14.12

PatchStack

Details

CVE

2022-1564

Publicly Published: 2022-05-09
Created: 2022-05-11

WordPress Form Maker plugin <= 1.13.59 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: Cross Site Scripting (XSS)
Score:: 4.8

Fixed in Version 1.13.60

PatchStack

Details

CVE

2021-24526

Publicly Published: 2021-07-15
Created: 2023-06-13

WordPress Form Maker by 10Web plugin <= 1.13.56 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: Cross Site Scripting (XSS)
Score:: 4.1

Fixed in Version 1.13.57

PatchStack

Details

Publicly Published: 2021-05-19
Created: 2021-06-08

WordPress Form Maker by 10Web plugin <= 1.13.56 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: Cross Site Scripting (XSS)
Score:: 4.8

Fixed in Version 1.13.57

PatchStack

Details

Publicly Published: 2021-05-19
Created: 2021-06-08

WordPress Form Maker by 10Web plugin <= 1.13.39 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:: Cross Site Scripting (XSS)
Score:: 5.4

Fixed in Version 1.13.40

PatchStack

Details

Publicly Published: 2020-07-12
Created: 2021-04-26