Form maker
This hub aggregates every CVE we track for Form maker, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.
8
CVEs tracked
2
Critical
3
High
0
In CISA KEV
Severity distribution
HIGH3MEDIUM3CRITICAL2
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
2024-082026-07
Latest CVEs
The 8 most recently published vulnerabilities affecting Form maker.
- CVE-2018-25346WordPress Form Maker Plugin 1.12.24 SQL Injection via admin-ajax.php7.1
- CVE-2024-34437WordPress Form Maker by 10Web plugin <= 1.15.24 - Cross Site Scripting (XSS) vulnerability5.9
- CVE-2022-1564Form Maker By 10Web < 1.14.12 - Admin+ Stored Cross-Site Scripting4.8
- CVE-2021-24526Form Maker < 1.13.60 - Authenticated Stored XSS5.4
- CVE-2019-10866In the Form Maker plugin before 1.13.3 for WordPress, it's possible to achieve SQL injection in the function get_labels_parameters in the file form-maker/admin/models/Submissions_fm.php with a craf...9.8
- CVE-2019-11590The 10Web Form Maker plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can ...8.8
- CVE-2018-10504The WebDorado "Form Maker by WD" plugin before 1.12.24 for WordPress allows CSV injection.7.8
- CVE-2018-5991SQL Injection exists in the Form Maker 3.6.12 component for Joomla! via the id, from, or to parameter in a view=stats request, a different vulnerability than CVE-2015-2798.9.8
Product normalization is registry-driven with AI assist and human review. How it works