CVE-2024-6130
Form Maker by 10Web < 1.15.26 - Admin+ Stored XSSThe Form Maker by 10Web WordPress plugin before 1.15.26 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
We have discovered 8,828 live websites that are affected by CVE-2024-6130.
Affected Software
| Product | |
| Category | Form Builders |
| Vulnerable Domains | 8,828 live websites (62.06% of Form Maker install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 255 versions ( 57.69% of all versions) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - Jul 1, 2024
- Updated - Oct 30, 2024
Credits
- Dmitrii Ignatyev (finder)
- WPScan (coordinator)
CWE
CVE References
CWE References
CVE-2024-6130 usage by Country
 United States | 3,506 websites |
 Germany | 973 websites |
 France | 457 websites |
 GB | 364 websites |
 Netherlands | 354 websites |
 Italy | 242 websites |
 Russia | 207 websites |
 Denmark | 176 websites |
 Canada | 172 websites |
 Switzerland | 156 websites |
CVE-2024-6130 usage by TLD
| .com | 3,658 websites |
| .org | 694 websites |
| .de | 449 websites |
| .nl | 336 websites |
| .co.uk | 236 websites |
| .net | 226 websites |
| .ru | 205 websites |
| .it | 196 websites |
| .fr | 152 websites |
| .ch | 141 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-6130
Top websites that are affected by CVE-2024-6130. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *********.com | United States | *,*** | |
| ********.nl | Netherlands | ***,*** | |
| ******.com | United States | ***,*** | |
| *****.eu |  Slovenia | ***,*** | |
| *************.***.au |  Australia | ***,*** | |
| *******.*****.ee |  Estonia | ***,*** | |
| ****************.org | United States | ***,*** | |
| ****************.org | United States | ***,*** | |
| ******************.org | United States | ***,*** | |
| ******************.com | United States | ***,*** |
FAQ
CVE-2024-6130 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Form Maker
A total of 8,828 websites have been identified as vulnerable to CVE-2024-6130, discovered through global website indexing conducted by WebTechSurvey.
Form Maker is susceptible to CVE-2024-6130 vulnerability.
Form Maker versions before 1.15.26 are vulnerable to CVE-2024-6130.
Version 1.15.26 of Form Maker addresses the CVE-2024-6130 security vulnerability.