cleantalk
Vulnerabilities and Security Researches

Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder, CVE-2018-25346

CVE, Research URL

CVE-2018-25346

Home page URL

Security reports for Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder

Application

Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder

Published on
May 23, 2026
Research Description
Form Maker by 10Web &#8211; Mobile-Friendly Drag &amp; Drop Contact Form Builder [form-maker] <= 1.12.24 (unfixed) CVE-2018-25346 [en] WordPress Form Maker Plugin 1.12.24 and below contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through the FormMakerSQLMapping and generete_csv actions. Attackers can submit POST requests with malicious SQL payloads in the name and search_labels parameters to extract, modify, or escalate privileges within the WordPress database.
Affected versions
max 1.12.24.
Status
vulnerable
Previous vulnerability researches
Publish 2 Ping.fm (CVE-2026-6702) , May 07, 2026
New vulnerability
Form Maker by 10Web &#8211; Mobile-Friendly Drag &amp; Drop Contact Form Builder (CVE-2018-25346) , May 26, 2026
Ditty – Responsive News Tickers, Sliders, and Lists (CVE-2026-9011) , May 24, 2026
GSheet For Woo Importer (CVE-2026-4843) , May 24, 2026
Email Marketing, Email Automation &amp; Newsletter for WordPress &amp; WooCommerce – Mail Mint (CVE-2026-27349) , May 24, 2026
Location Weather – Best Weather Forecast Widget Plugin for WordPress (CVE-2026-7249) , May 24, 2026