CVE-2025-15441

MEDIUM 6.8

Form Maker < 1.15.38 - SQL Injection

CVSS Score

6.8

EPSS Score

0.0%

EPSS Percentile

6th

The Form Maker by 10Web WordPress plugin before 1.15.38 does not properly prepare SQL queries when the "MySQL Mapping" feature is in use, which could make SQL Injection attacks possible in certain contexts.

Vendor	unknown
Product	form maker by 10web
Published	Apr 13, 2026
Last Updated	Apr 13, 2026

Stay Ahead of the Next One

Get instant alerts for unknown form maker by 10web

Be the first to know when new medium vulnerabilities affecting unknown form maker by 10web are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Unknown / Form Maker by 10Web

0 < 1.15.38

References

NVD ↗ CVE.org ↗ EPSS Data ↗

wpscan.com: https://wpscan.com/vulnerability/41f69b0a-4d17-4a6b-b803-ea1c370e3cc0/

Credits

hiariz WPScan