XSS Vulnerability in 10Web Form Maker (Reflected XSS)
CVE-2024-43220

7.1HIGH

Key Information:

Vendor: WordPress
Status: Form Maker By 10web
Vendor: CVE Published:; 12 August 2024

What is CVE-2024-43220?

The 10Web Form Maker plugin is vulnerable to a Cross-Site Scripting (XSS) issue, which may allow attackers to execute arbitrary JavaScript in the context of a user's browser via reflected XSS attacks. This vulnerability impacts Form Maker versions up to and including 1.15.26, with potential for data leakage and user session hijacking if exploited. Ensuring timely updates is critical to maintaining web security.

Affected Version(s)

Form Maker by 10Web <= 1.15.26

References

https://patchstack.com/database/vulnerability/form-maker/...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 12, 2024

CVE-2024-43220 Data

JSON

WordPress

What is CVE-2024-43220?

Affected Version(s)

References

CVSS V3.1

Timeline