Form Maker By 10Web
Monthly
Unauthenticated SQL injection in the Form Maker by 10Web WordPress plugin (versions ≤ 1.15.38) allows remote attackers to inject arbitrary SQL into backend queries without credentials, leading to database content disclosure and partial integrity/availability impact across a changed security scope. No public exploit identified at time of analysis, but the CVSS 9.3 and trivial network-reachable attack profile make this a high-priority issue for any WordPress site running the plugin. The Patchstack-coordinated disclosure indicates a vendor-tracked flaw, though no fixed version is confirmed in the supplied data.
Unauthenticated SQL injection in the Form Maker by 10Web WordPress plugin (versions ≤ 1.15.38) allows remote attackers to inject arbitrary SQL into backend queries without credentials, leading to database content disclosure and partial integrity/availability impact across a changed security scope. No public exploit identified at time of analysis, but the CVSS 9.3 and trivial network-reachable attack profile make this a high-priority issue for any WordPress site running the plugin. The Patchstack-coordinated disclosure indicates a vendor-tracked flaw, though no fixed version is confirmed in the supplied data.