CVE-2024-10265

Published Nov 10, 2024

Last updated 3 days ago

Overview

Description
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.15.30. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Source: security@wordfence.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.1
Impact score: 2.7
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

Weaknesses

security@wordfence.com: CWE-79

Social media

  1. 🚨 CVE-2024-10265 (Published: 2024-11-10) - A critical vulnerability in 10Web plugin affects multiple versions. Users are urged to update to the latest version immediately to mitigate risks. Stay secure! 🔒 For more details, check the changeset: https://t.co/b7Uk3xHv4Q #WordPress

    @transilienceai

    13 Nov 2024

  2. 🚨 CVE-2024-10265 (Published: 2024-11-10) affects 10Web. This high-severity vulnerability impacts specific versions of the plugin. Users are urged to update to the latest version immediately to mitigate risks. Stay secure! 🔒 More info: https://t.co/b7Uk3xHv4Q #CyberSecurity… htt

    @transilienceai

    13 Nov 2024

  3. 🚨 CVE-2024-10265 (Published: 2024-11-10) - A high-severity vulnerability in 10Web Form Maker affects multiple versions. Users are urged to update to the latest version immediately to mitigate risks. For more details, check the code here: https://t.co/QXK3lztFVh #WordPress… https

    @transilienceai

    13 Nov 2024

  4. 🚨 CVE-2024-10265 (Published: 2024-11-10) - A high-severity vulnerability in 10Web Form Maker affects multiple versions. Ensure your plugin is updated to the latest version to mitigate risks. Check the details here: https://t.co/QXK3lztFVh #WordPress #Security

    @transilienceai

    13 Nov 2024

  5. 🚨 CVE-2024-10265 (Published: 2024-11-10) - A high-severity vulnerability in 10Web Form Maker. Affected versions are exploitable. 🛠️ Ensure you update to the latest version to mitigate risks. For more details, check the code here: https://t.co/QXK3lztFVh #WordPress #Security

    @transilienceai

    13 Nov 2024

  6. 🚨 CVE-2024-10265 (Published: 2024-11-10) - A critical vulnerability in the 10Web Form Maker plugin affects multiple versions. Users are urged to update to the latest version immediately to mitigate risks. For more details, visit: https://t.co/tyOozqRnct #WordPress… https://t.co/

    @transilienceai

    11 Nov 2024

  7. 🚨 CVE-2024-10265 (Published: 2024-11-10) - A critical vulnerability in the 10Web Form Maker plugin affects multiple versions. Users are urged to update to the latest version immediately to mitigate risks. Stay secure! 🔒 More info: https://t.co/tyOozqRnct #WordPress #Security

    @transilienceai

    11 Nov 2024

  8. 🚨 CVE-2024-10265 (Published: 2024-11-10) - A high-severity vulnerability in 10Web plugin affects multiple versions. Users are urged to update to the latest version immediately to mitigate risks. Stay secure! 🔒 For more details, check the changeset: https://t.co/b7Uk3xGXfi… http

    @transilienceai

    11 Nov 2024

  9. 🚨 CVE-2024-10265 (Published: 2024-11-10) - A high-severity vulnerability in 10Web. Affected versions are at risk! 🔒 Ensure you update to the latest version to mitigate potential exploits. For more details, check the changeset: https://t.co/b7Uk3xGXfi #WordPress #SecurityUpdate

    @transilienceai

    11 Nov 2024

  10. 🚨 CVE-2024-10265 (Published: 2024-11-10) - A high-severity vulnerability in 10Web Form Maker affects multiple versions. Users are urged to update to the latest version to mitigate risks. For details, check the code here: https://t.co/QXK3lzt85J #WordPress #Security

    @transilienceai

    11 Nov 2024

  11. 🚨 CVE-2024-10265 (Published: 2024-11-10) - A high-severity vulnerability in 10Web Form Maker. Affects multiple versions. 🛠️ Remediation: Update to the latest version to mitigate risks. For details, check the code here: https://t.co/QXK3lzt85J #WordPress #Security

    @transilienceai

    11 Nov 2024

  12. 🚨 CVE-2024-10265 (Published: 2024-11-10) - A high-severity vulnerability in 10Web Form Maker affects multiple versions. Users are urged to update to the latest version immediately to mitigate risks. For details, check the code here: https://t.co/QXK3lzt85J #WordPress #Security

    @transilienceai

    11 Nov 2024

  13. 🚨 CVE-2024-10265 (Published: 2024-11-10) - A high-severity vulnerability in 10Web's Form Maker plugin. Affected versions are exploitable, posing risks to your site. 🔒 Remediation: Update to the latest version to secure your WordPress installation. More details:… https://t.co/WA

    @transilienceai

    11 Nov 2024

  14. 🚨 CVE-2024-10265 (Published: 2024-11-10) - A critical vulnerability in 10Web Form Maker affects multiple versions. Users are urged to update to the latest version to mitigate risks. For more details, check the code here: https://t.co/QXK3lzt85J #WordPress #Security

    @transilienceai

    11 Nov 2024

  15. 🚨 CVE-2024-10265 (Published: 2024-11-10) - A critical vulnerability in 10Web Form Maker affects multiple versions. Users are urged to update to the latest version immediately to mitigate risks. For more details, check the code here: https://t.co/QXK3lzt85J #WordPress #Security

    @transilienceai

    11 Nov 2024

  16. CVE-2024-10265 Reflected XSS Vulnerability in 10Web's Form Maker Plugin The Form Maker by 10Web plugin for WordPress has a Reflected Cross-Site Scripting issue. This happens because add_query_arg lacks proper esc... https://t.co/QEdkbrY4JP

    @VulmonFeeds

    10 Nov 2024

  17. CVE-2024-10265 The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_… https://t.co/cWXH8Z1a7P

    @CVEnew

    10 Nov 2024

Configurations