CVE-2024-10560

Low CVSS: 3.5

The Form Maker by 10Web WordPress plugin before 1.15.30 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Vendor

10web

Product

Form Maker

CWE

CWE-79

Yayın Tarihi

2025-03-25 06:15:37

Güncelleme

2025-04-03 17:37:24

Source Identifier

contact@wpscan.com

KEV Date Added

Kategoriler

CWE-79 Form Maker LOW 10web 2025

Referanslar

https://wpscan.com/vulnerability/80298c89-544d-4894-a837-253f5f26cf42/

Benzer Kayıtlar

Critical

CVE-2025-13377

The 10Web Booster – Website speed optimization, Cache & Page Speed optimizer plugin for WordPress is vulnerable to arbit…

Medium

CVE-2024-8670

The Photo Gallery by 10Web WordPress plugin before 1.8.29 does not sanitise and escape some of its settings, which coul…

Medium

CVE-2024-13053

The Form Maker by 10Web WordPress plugin before 1.15.33 does not sanitise and escape some of its settings, which could…

Medium

CVE-2024-10680

The Form Maker by 10Web WordPress plugin before 1.15.32 does not sanitise and escape some of its settings, which could…

Medium

CVE-2025-0613

The Photo Gallery by 10Web WordPress plugin before 1.8.34 does not sanitised and escaped comment added on images by una…

Medium

CVE-2024-10565

The Slider by 10Web WordPress plugin before 1.2.62 does not sanitise and escape some of its settings, which could allow…