Unauthenticated SQL Injection in Form Maker by 10Web
CVE-2026-39502
9.3CRITICAL
What is CVE-2026-39502?
The Form Maker plugin by 10Web is susceptible to an unauthenticated SQL injection vulnerability, impacting versions up to 1.15.38. This issue allows attackers to execute arbitrary SQL queries on the database without authentication, potentially leading to sensitive data exposure or manipulation. Website owners using this plugin are strongly advised to update to the latest version to mitigate risks.
Affected Version(s)
Form Maker by 10Web <= 1.15.38