CVE-2024-10562
Form Maker by 10Web < 1.15.31 - Admin+ Stored XSSThe Form Maker by 10Web WordPress plugin before 1.15.31 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
We have discovered 9,337 live websites that are affected by CVE-2024-10562.
Affected Software
| Product | |
| Category | Form Builders |
| Vulnerable Domains | 9,337 live websites (65.64% of Form Maker install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 260 versions ( 58.82% of all versions) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - Jan 7, 2025
- Updated - Jan 7, 2025
Credits
- Dmitrii Ingatyev (finder)
- WPScan (coordinator)
CWE
CVE References
CWE References
CVE-2024-10562 usage by Country
 United States | 3,704 websites |
 Germany | 1,040 websites |
 France | 491 websites |
 GB | 392 websites |
 Netherlands | 380 websites |
 Italy | 254 websites |
 Russia | 220 websites |
 Denmark | 183 websites |
 Canada | 180 websites |
 Switzerland | 162 websites |
CVE-2024-10562 usage by TLD
| .com | 3,872 websites |
| .org | 721 websites |
| .de | 476 websites |
| .nl | 358 websites |
| .co.uk | 261 websites |
| .net | 236 websites |
| .ru | 215 websites |
| .it | 211 websites |
| .fr | 165 websites |
| .ch | 147 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-10562
Top websites that are affected by CVE-2024-10562. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *********.com | United States | *,*** | |
| ********.nl | Netherlands | ***,*** | |
| ******.com | United States | ***,*** | |
| *****.eu |  Slovenia | ***,*** | |
| *************.***.au |  Australia | ***,*** | |
| *******.*****.ee |  Estonia | ***,*** | |
| ****************.org | United States | ***,*** | |
| ****************.org | United States | ***,*** | |
| ******************.org | United States | ***,*** | |
| ******************.com | United States | ***,*** |
FAQ
CVE-2024-10562 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Form Maker
A total of 9,337 websites have been identified as vulnerable to CVE-2024-10562, discovered through global website indexing conducted by WebTechSurvey.
Form Maker is susceptible to CVE-2024-10562 vulnerability.
Form Maker versions before 1.15.31 are vulnerable to CVE-2024-10562.
Version 1.15.31 of Form Maker addresses the CVE-2024-10562 security vulnerability.