CVE-2024-8633
Form Maker <= 1.15.27 - Authenticated (Administrator+) Stored Cross-Site ScriptingThe Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.15.27 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
We have discovered 9,148 live websites that are affected by CVE-2024-8633.
Affected Software
| Product | |
| Category | Form Builders |
| Vulnerable Domains | 9,148 live websites (64.31% of Form Maker install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 257 versions ( 58.14% of all versions) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - Sep 26, 2024
- Updated - Sep 26, 2024
Credits
- Joel Indra (finder)
CWE
CVE References
CWE References
CVE-2024-8633 usage by Country
 United States | 3,627 websites |
 Germany | 1,014 websites |
 France | 481 websites |
 GB | 386 websites |
 Netherlands | 369 websites |
 Italy | 248 websites |
 Russia | 215 websites |
 Denmark | 180 websites |
 Canada | 176 websites |
 Switzerland | 161 websites |
CVE-2024-8633 usage by TLD
| .com | 3,796 websites |
| .org | 705 websites |
| .de | 469 websites |
| .nl | 352 websites |
| .co.uk | 254 websites |
| .net | 232 websites |
| .ru | 211 websites |
| .it | 206 websites |
| .fr | 162 websites |
| .ch | 145 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-8633
Top websites that are affected by CVE-2024-8633. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *********.com | United States | *,*** | |
| ********.nl | Netherlands | ***,*** | |
| ******.com | United States | ***,*** | |
| *****.eu |  Slovenia | ***,*** | |
| *************.***.au |  Australia | ***,*** | |
| *******.*****.ee |  Estonia | ***,*** | |
| ****************.org | United States | ***,*** | |
| ****************.org | United States | ***,*** | |
| ******************.org | United States | ***,*** | |
| ******************.com | United States | ***,*** |
FAQ
CVE-2024-8633 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Form Maker
A total of 9,148 websites have been identified as vulnerable to CVE-2024-8633, discovered through global website indexing conducted by WebTechSurvey.
Form Maker is susceptible to CVE-2024-8633 vulnerability.
Form Maker versions before, and including, 1.15.27 are vulnerable to CVE-2024-8633.