All the vulnerabilites related to Unknown - Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
cve-2022-1564
Vulnerability from cvelistv5
Published
2022-05-30 08:35
Modified
2024-08-03 00:10
Severity ?
EPSS score ?
Summary
The Form Maker by 10Web WordPress plugin before 1.14.12 does not sanitize and escape the Custom Text settings, which could allow high privilege user such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
References
| ▼ | URL | Tags |
|---|---|---|
| https://wpscan.com/vulnerability/a487c7e7-667c-4c92-a427-c43cc13b348d | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Unknown | Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder |
Version: 1.14.12 < 1.14.12 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.623Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/a487c7e7-667c-4c92-a427-c43cc13b348d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Form Maker by 10Web \u2013 Mobile-Friendly Drag \u0026 Drop Contact Form Builder",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.14.12",
"status": "affected",
"version": "1.14.12",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Abhinav Porwal \u0026 Hitesh Kumar"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Form Maker by 10Web WordPress plugin before 1.14.12 does not sanitize and escape the Custom Text settings, which could allow high privilege user such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-30T08:35:57",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/a487c7e7-667c-4c92-a427-c43cc13b348d"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Form Maker By 10Web \u003c 1.14.12 - Admin+ Stored Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1564",
"STATE": "PUBLIC",
"TITLE": "Form Maker By 10Web \u003c 1.14.12 - Admin+ Stored Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Form Maker by 10Web \u2013 Mobile-Friendly Drag \u0026 Drop Contact Form Builder",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.14.12",
"version_value": "1.14.12"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Abhinav Porwal \u0026 Hitesh Kumar"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Form Maker by 10Web WordPress plugin before 1.14.12 does not sanitize and escape the Custom Text settings, which could allow high privilege user such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/a487c7e7-667c-4c92-a427-c43cc13b348d",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/a487c7e7-667c-4c92-a427-c43cc13b348d"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1564",
"datePublished": "2022-05-30T08:35:57",
"dateReserved": "2022-05-03T00:00:00",
"dateUpdated": "2024-08-03T00:10:03.623Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-24526
Vulnerability from cvelistv5
Published
2021-08-16 10:48
Modified
2024-08-03 19:35
Severity ?
EPSS score ?
Summary
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder WordPress plugin before 1.13.60 does not escape its Form Title before outputting it in an attribute when editing a form in the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue
References
| ▼ | URL | Tags |
|---|---|---|
| https://wpscan.com/vulnerability/17287d8a-ba27-42dc-9370-a931ef404995 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Unknown | Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder |
Version: 1.13.60 < 1.13.60 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:35:20.030Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/17287d8a-ba27-42dc-9370-a931ef404995"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Form Maker by 10Web \u2013 Mobile-Friendly Drag \u0026 Drop Contact Form Builder",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.13.60",
"status": "affected",
"version": "1.13.60",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Felipe Restrepo Rodriguez"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Form Maker by 10Web \u2013 Mobile-Friendly Drag \u0026 Drop Contact Form Builder WordPress plugin before 1.13.60 does not escape its Form Title before outputting it in an attribute when editing a form in the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-16T10:48:26",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/17287d8a-ba27-42dc-9370-a931ef404995"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Form Maker \u003c 1.13.60 - Authenticated Stored XSS",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24526",
"STATE": "PUBLIC",
"TITLE": "Form Maker \u003c 1.13.60 - Authenticated Stored XSS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Form Maker by 10Web \u2013 Mobile-Friendly Drag \u0026 Drop Contact Form Builder",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.13.60",
"version_value": "1.13.60"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Felipe Restrepo Rodriguez"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Form Maker by 10Web \u2013 Mobile-Friendly Drag \u0026 Drop Contact Form Builder WordPress plugin before 1.13.60 does not escape its Form Title before outputting it in an attribute when editing a form in the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/17287d8a-ba27-42dc-9370-a931ef404995",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/17287d8a-ba27-42dc-9370-a931ef404995"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24526",
"datePublished": "2021-08-16T10:48:26",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:35:20.030Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-3300
Vulnerability from cvelistv5
Published
2022-10-25 00:00
Modified
2024-08-03 01:07
Severity ?
EPSS score ?
Summary
The Form Maker by 10Web WordPress plugin before 1.15.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Unknown | Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder |
Version: 1.15.6 < 1.15.6 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:07:06.454Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/ddc9ed69-d942-4fad-bbf4-1be3b86460d9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Form Maker by 10Web \u2013 Mobile-Friendly Drag \u0026 Drop Contact Form Builder",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.15.6",
"status": "affected",
"version": "1.15.6",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Nguyen Duy Quoc Khanh"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Form Maker by 10Web WordPress plugin before 1.15.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-25T00:00:00",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"url": "https://wpscan.com/vulnerability/ddc9ed69-d942-4fad-bbf4-1be3b86460d9"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Form Maker by 10Web \u003c 1.15.6 - Admin+ SQLI",
"x_generator": "WPScan CVE Generator"
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-3300",
"datePublished": "2022-10-25T00:00:00",
"dateReserved": "2022-09-26T00:00:00",
"dateUpdated": "2024-08-03T01:07:06.454Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}