Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder, 4e3c4624-7ae4-415c-8e54-a4b2049a4302

CVE, Research URL: 4e3c4624-7ae4-415c-8e54-a4b2049a4302
Home page URL: Security reports for Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
Application: Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
Published on: -
Research Description: Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder [form-maker] < 1.13.36 Form Maker by 10Web < 1.13.36 - Authenticated SQL Injection Authenticated (admin+) SQL injection in the Form Maker by 10Web WordPress Plugin 1.13.35 exists via the /wordpress/wp-admin/admin.php?page=blocked_ips_fm&s=1" s parameter. Edit (WPScanTeam): - Initial reported version (5.4.1) does not exist, confirmed to be 1.13.35 by researcher - May 25th, 2020 - details made public in other places - May 26th, 2020 - Escalated to WP Plugins Team
Affected versions: max 1.13.36.
Status: vulnerable

Form Maker by 10Web &#8211; Mobile-Friendly Drag &amp; Drop Contact Form Builder, 4e3c4624-7ae4-415c-8e54-a4b2049a4302