CVE-2023-45071: WordPress Form Maker by 10Web Plugin <= 1.15.18 is vulnerable to Cross Site Scripting (XSS)
First published: Wed Oct 18 2023(Updated: )
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in 10Web Form Builder Team Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin <= 1.15.18 versions.
Credit: audit@patchstack.com audit@patchstack.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| 10web Form Maker | <1.15.19 |
Remedy
Update to 1.15.19 or a higher version.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-45071?
CVE-2023-45071 is an Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in the 10Web Form Builder Team Form Maker plugin for WordPress.
How severe is CVE-2023-45071?
CVE-2023-45071 has a severity rating of 7.1 (high).
Which versions of the 10Web Form Builder Team Form Maker plugin are affected?
The vulnerability affects 10Web Form Builder Team Form Maker plugin versions up to and including 1.15.18.
What is the Common Weakness Enumeration (CWE) ID associated with CVE-2023-45071?
The CWE ID associated with CVE-2023-45071 is CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')).
How can I fix the CVE-2023-45071 vulnerability?
To fix the CVE-2023-45071 vulnerability, update the 10Web Form Builder Team Form Maker plugin to version 1.15.19 or higher.
- collector/nvd-index
- collector/nvd-api
- agent/softwarecombine
- agent/author
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/remedy
- agent/severity
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- vendor/10web
- canonical/10web form maker