10Web Form Maker
cpe:2.3:a:10web:form_maker:*:*:*:*:wordpress:*:*
- < 1.15.38
A SQL injection vulnerability has been identified in the Form Maker by 10Web WordPress plugin, affecting versions prior to 1.15.38. The issue arises because the plugin does not properly sanitize SQL queries when the 'MySQL Mapping' feature is enabled, potentially allowing SQL injection attacks in certain situations.
Exploiting this vulnerability lets an attacker manipulate the plugin's SQL queries to execute arbitrary SQL code, potentially leading to unauthorized data access or modification.
The vulnerability can be reproduced by enabling the 'MySQL Mapping' feature in the Form Maker plugin. After creating a query that targets a database table, a payload can be inserted that exploits the SQL injection vulnerability. Once the form is submitted, the injected SQL code will be executed, confirming the presence of the vulnerability.
Users are advised to update the Form Maker by 10Web WordPress plugin to version 1.15.38 or later.
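The unsanitized pattern described above, as an added example that is not the plugin's code: a hypothetical mapping template whose `{field}` placeholders are filled from submitted values, first by string substitution and then with bind parameters. The template syntax, table and function names are assumptions, and SQLite stands in for MySQL.

```python
import re
import sqlite3

# Hypothetical mapping template: {name} and {email} stand for submitted form fields.
TEMPLATE = "INSERT INTO contacts (name, email) VALUES ('{name}', '{email}')"
PLACEHOLDER = re.compile(r"'?\{(\w+)\}'?")  # a placeholder with its optional quotes


def new_db():
    """Fresh in-memory database with the constructed target table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE contacts (name TEXT, email TEXT)")
    return db


def run_mapping_unsafe(db, template, fields):
    """Unsanitized pattern: submitted values are pasted into the SQL text."""
    sql = template
    for key, value in fields.items():
        sql = sql.replace("{" + key + "}", value)
    db.execute(sql)


def run_mapping_bound(db, template, fields):
    """Hardened pattern: each placeholder becomes a bind parameter."""
    names = []

    def to_param(match):
        names.append(match.group(1))
        return "?"

    sql = PLACEHOLDER.sub(to_param, template)
    db.execute(sql, [fields[n] for n in names])  # values never enter the SQL text


def demo():
    # Constructed submission: an ordinary surname that contains a quote.
    fields = {"name": "O'Brien", "email": "ob@example.test"}
    try:
        run_mapping_unsafe(new_db(), TEMPLATE, fields)
        unsafe = "ok"
    except sqlite3.Error as exc:
        # The quote ended the string literal, so the rest was parsed as SQL.
        unsafe = "sql error: " + str(exc)
    db = new_db()
    run_mapping_bound(db, TEMPLATE, fields)
    return unsafe, db.execute("SELECT name, email FROM contacts").fetchall()
```

In WordPress code, the bound form corresponds to building the statement with `$wpdb->prepare()`.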