CVE-2024-2258
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name autofilled into forms in all versions up to, and including, 1.15.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
We have discovered 8,651 live websites that are affected by CVE-2024-2258.
Affected Software
| Product | |
| Category | Form Builders |
| Vulnerable Domains | 8,651 live websites (60.82% of Form Maker install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 254 versions ( 57.47% of all versions) |
Details
- Published - Apr 27, 2024
- Updated - Aug 1, 2024
Credits
- Matthew Rollings (finder)
CVE References
CVE-2024-2258 usage by Country
 United States | 3,445 websites |
 Germany | 946 websites |
 France | 450 websites |
 GB | 355 websites |
 Netherlands | 351 websites |
 Italy | 235 websites |
 Russia | 204 websites |
 Denmark | 170 websites |
 Canada | 170 websites |
 Switzerland | 152 websites |
CVE-2024-2258 usage by TLD
| .com | 3,588 websites |
| .org | 692 websites |
| .de | 437 websites |
| .nl | 332 websites |
| .co.uk | 226 websites |
| .net | 224 websites |
| .ru | 194 websites |
| .it | 189 websites |
| .fr | 147 websites |
| .ch | 137 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-2258
Top websites that are affected by CVE-2024-2258. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *********.com | United States | *,*** | |
| ********.nl | Netherlands | ***,*** | |
| ******.com | United States | ***,*** | |
| *****.eu |  Slovenia | ***,*** | |
| *************.***.au |  Australia | ***,*** | |
| ****************.org | United States | ***,*** | |
| ****************.org | United States | ***,*** | |
| ******************.org | United States | ***,*** | |
| ******************.com | United States | ***,*** | |
| ****.it | Italy | ***,*** |
FAQ
A total of 8,651 websites have been identified as vulnerable to CVE-2024-2258, discovered through global website indexing conducted by WebTechSurvey.
Form Maker is susceptible to CVE-2024-2258 vulnerability.
Form Maker versions before, and including, 1.15.24 are vulnerable to CVE-2024-2258.