Vulnerability Details CVE-2024-0667
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.15.21. This is due to missing or incorrect nonce validation on the 'execute' function. This makes it possible for unauthenticated attackers to execute arbitrary methods in the 'BoosterController' class via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 17.9%
CVSS Severity
CVSS v3 Score 5.4
References
- https://plugins.trac.wordpress.org/browser/form-maker/tags/1.15.21/booster/controller.php#L34
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3027368%40form-maker&new=3027368%40form-maker&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/d55c832b-f558-4e8a-8301-33dd38d39ef1?source=cve
- https://plugins.trac.wordpress.org/browser/form-maker/tags/1.15.21/booster/controller.php#L34
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3027368%40form-maker&new=3027368%40form-maker&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/d55c832b-f558-4e8a-8301-33dd38d39ef1?source=cve
Products affected by CVE-2024-0667
-
cpe:2.3:a:10web:form_maker:-
-
cpe:2.3:a:10web:form_maker:1.0.0
-
cpe:2.3:a:10web:form_maker:1.10
-
cpe:2.3:a:10web:form_maker:1.10.1
-
cpe:2.3:a:10web:form_maker:1.10.10
-
cpe:2.3:a:10web:form_maker:1.10.11
-
cpe:2.3:a:10web:form_maker:1.10.2
-
cpe:2.3:a:10web:form_maker:1.10.3
-
cpe:2.3:a:10web:form_maker:1.10.4
-
cpe:2.3:a:10web:form_maker:1.10.5
-
cpe:2.3:a:10web:form_maker:1.10.6
-
cpe:2.3:a:10web:form_maker:1.10.7
-
cpe:2.3:a:10web:form_maker:1.10.8
-
cpe:2.3:a:10web:form_maker:1.10.9
-
cpe:2.3:a:10web:form_maker:1.11.1
-
cpe:2.3:a:10web:form_maker:1.11.11
-
cpe:2.3:a:10web:form_maker:1.11.2
-
cpe:2.3:a:10web:form_maker:1.11.3
-
cpe:2.3:a:10web:form_maker:1.11.4
-
cpe:2.3:a:10web:form_maker:1.11.5
-
cpe:2.3:a:10web:form_maker:1.11.6
-
cpe:2.3:a:10web:form_maker:1.11.7
-
cpe:2.3:a:10web:form_maker:1.11.8
-
cpe:2.3:a:10web:form_maker:1.12.0
-
cpe:2.3:a:10web:form_maker:1.12.1
-
cpe:2.3:a:10web:form_maker:1.12.10
-
cpe:2.3:a:10web:form_maker:1.12.11
-
cpe:2.3:a:10web:form_maker:1.12.12
-
cpe:2.3:a:10web:form_maker:1.12.13
-
cpe:2.3:a:10web:form_maker:1.12.14
-
cpe:2.3:a:10web:form_maker:1.12.15
-
cpe:2.3:a:10web:form_maker:1.12.16
-
cpe:2.3:a:10web:form_maker:1.12.17
-
cpe:2.3:a:10web:form_maker:1.12.18
-
cpe:2.3:a:10web:form_maker:1.12.19
-
cpe:2.3:a:10web:form_maker:1.12.2
-
cpe:2.3:a:10web:form_maker:1.12.20
-
cpe:2.3:a:10web:form_maker:1.12.21
-
cpe:2.3:a:10web:form_maker:1.12.22
-
cpe:2.3:a:10web:form_maker:1.12.23
-
cpe:2.3:a:10web:form_maker:1.12.24
-
cpe:2.3:a:10web:form_maker:1.12.25
-
cpe:2.3:a:10web:form_maker:1.12.26
-
cpe:2.3:a:10web:form_maker:1.12.27
-
cpe:2.3:a:10web:form_maker:1.12.28
-
cpe:2.3:a:10web:form_maker:1.12.29
-
cpe:2.3:a:10web:form_maker:1.12.3
-
cpe:2.3:a:10web:form_maker:1.12.30
-
cpe:2.3:a:10web:form_maker:1.12.31
-
cpe:2.3:a:10web:form_maker:1.12.32
-
cpe:2.3:a:10web:form_maker:1.12.33
-
cpe:2.3:a:10web:form_maker:1.12.34
-
cpe:2.3:a:10web:form_maker:1.12.35
-
cpe:2.3:a:10web:form_maker:1.12.36
-
cpe:2.3:a:10web:form_maker:1.12.37
-
cpe:2.3:a:10web:form_maker:1.12.38
-
cpe:2.3:a:10web:form_maker:1.12.39
-
cpe:2.3:a:10web:form_maker:1.12.4
-
cpe:2.3:a:10web:form_maker:1.12.41
-
cpe:2.3:a:10web:form_maker:1.12.42
-
cpe:2.3:a:10web:form_maker:1.12.5
-
cpe:2.3:a:10web:form_maker:1.12.6
-
cpe:2.3:a:10web:form_maker:1.12.7
-
cpe:2.3:a:10web:form_maker:1.12.8
-
cpe:2.3:a:10web:form_maker:1.12.9
-
cpe:2.3:a:10web:form_maker:1.13.0
-
cpe:2.3:a:10web:form_maker:1.13.1
-
cpe:2.3:a:10web:form_maker:1.13.10
-
cpe:2.3:a:10web:form_maker:1.13.11
-
cpe:2.3:a:10web:form_maker:1.13.12
-
cpe:2.3:a:10web:form_maker:1.13.14
-
cpe:2.3:a:10web:form_maker:1.13.15
-
cpe:2.3:a:10web:form_maker:1.13.16
-
cpe:2.3:a:10web:form_maker:1.13.17
-
cpe:2.3:a:10web:form_maker:1.13.18
-
cpe:2.3:a:10web:form_maker:1.13.19
-
cpe:2.3:a:10web:form_maker:1.13.2
-
cpe:2.3:a:10web:form_maker:1.13.20
-
cpe:2.3:a:10web:form_maker:1.13.21
-
cpe:2.3:a:10web:form_maker:1.13.22
-
cpe:2.3:a:10web:form_maker:1.13.23
-
cpe:2.3:a:10web:form_maker:1.13.24
-
cpe:2.3:a:10web:form_maker:1.13.25
-
cpe:2.3:a:10web:form_maker:1.13.26
-
cpe:2.3:a:10web:form_maker:1.13.27
-
cpe:2.3:a:10web:form_maker:1.13.28
-
cpe:2.3:a:10web:form_maker:1.13.29
-
cpe:2.3:a:10web:form_maker:1.13.3
-
cpe:2.3:a:10web:form_maker:1.13.30
-
cpe:2.3:a:10web:form_maker:1.13.31
-
cpe:2.3:a:10web:form_maker:1.13.32
-
cpe:2.3:a:10web:form_maker:1.13.33
-
cpe:2.3:a:10web:form_maker:1.13.34
-
cpe:2.3:a:10web:form_maker:1.13.35
-
cpe:2.3:a:10web:form_maker:1.13.36
-
cpe:2.3:a:10web:form_maker:1.13.37
-
cpe:2.3:a:10web:form_maker:1.13.38
-
cpe:2.3:a:10web:form_maker:1.13.39
-
cpe:2.3:a:10web:form_maker:1.13.4
-
cpe:2.3:a:10web:form_maker:1.13.40
-
cpe:2.3:a:10web:form_maker:1.13.41
-
cpe:2.3:a:10web:form_maker:1.13.42
-
cpe:2.3:a:10web:form_maker:1.13.43
-
cpe:2.3:a:10web:form_maker:1.13.44
-
cpe:2.3:a:10web:form_maker:1.13.45
-
cpe:2.3:a:10web:form_maker:1.13.46
-
cpe:2.3:a:10web:form_maker:1.13.47
-
cpe:2.3:a:10web:form_maker:1.13.48
-
cpe:2.3:a:10web:form_maker:1.13.49
-
cpe:2.3:a:10web:form_maker:1.13.5
-
cpe:2.3:a:10web:form_maker:1.13.50
-
cpe:2.3:a:10web:form_maker:1.13.51
-
cpe:2.3:a:10web:form_maker:1.13.52
-
cpe:2.3:a:10web:form_maker:1.13.53
-
cpe:2.3:a:10web:form_maker:1.13.54
-
cpe:2.3:a:10web:form_maker:1.13.55
-
cpe:2.3:a:10web:form_maker:1.13.56
-
cpe:2.3:a:10web:form_maker:1.13.57
-
cpe:2.3:a:10web:form_maker:1.13.58
-
cpe:2.3:a:10web:form_maker:1.13.59
-
cpe:2.3:a:10web:form_maker:1.13.6
-
cpe:2.3:a:10web:form_maker:1.13.60
-
cpe:2.3:a:10web:form_maker:1.13.7
-
cpe:2.3:a:10web:form_maker:1.13.8
-
cpe:2.3:a:10web:form_maker:1.13.9
-
cpe:2.3:a:10web:form_maker:1.14.0
-
cpe:2.3:a:10web:form_maker:1.14.1
-
cpe:2.3:a:10web:form_maker:1.14.10
-
cpe:2.3:a:10web:form_maker:1.14.11
-
cpe:2.3:a:10web:form_maker:1.14.12
-
cpe:2.3:a:10web:form_maker:1.14.2
-
cpe:2.3:a:10web:form_maker:1.14.3
-
cpe:2.3:a:10web:form_maker:1.14.4
-
cpe:2.3:a:10web:form_maker:1.14.5
-
cpe:2.3:a:10web:form_maker:1.14.6
-
cpe:2.3:a:10web:form_maker:1.14.7
-
cpe:2.3:a:10web:form_maker:1.14.8
-
cpe:2.3:a:10web:form_maker:1.14.9
-
cpe:2.3:a:10web:form_maker:1.15.0
-
cpe:2.3:a:10web:form_maker:1.15.1
-
cpe:2.3:a:10web:form_maker:1.15.10
-
cpe:2.3:a:10web:form_maker:1.15.11
-
cpe:2.3:a:10web:form_maker:1.15.12
-
cpe:2.3:a:10web:form_maker:1.15.13
-
cpe:2.3:a:10web:form_maker:1.15.14
-
cpe:2.3:a:10web:form_maker:1.15.15
-
cpe:2.3:a:10web:form_maker:1.15.16
-
cpe:2.3:a:10web:form_maker:1.15.17
-
cpe:2.3:a:10web:form_maker:1.15.18
-
cpe:2.3:a:10web:form_maker:1.15.19
-
cpe:2.3:a:10web:form_maker:1.15.2
-
cpe:2.3:a:10web:form_maker:1.15.20
-
cpe:2.3:a:10web:form_maker:1.15.21
-
cpe:2.3:a:10web:form_maker:1.15.3
-
cpe:2.3:a:10web:form_maker:1.15.4
-
cpe:2.3:a:10web:form_maker:1.15.5
-
cpe:2.3:a:10web:form_maker:1.15.6
-
cpe:2.3:a:10web:form_maker:1.15.7
-
cpe:2.3:a:10web:form_maker:1.15.8
-
cpe:2.3:a:10web:form_maker:1.15.9
-
cpe:2.3:a:10web:form_maker:1.3.0
-
cpe:2.3:a:10web:form_maker:1.4.0
-
cpe:2.3:a:10web:form_maker:1.5.0
-
cpe:2.3:a:10web:form_maker:1.6.3
-
cpe:2.3:a:10web:form_maker:1.6.4
-
cpe:2.3:a:10web:form_maker:1.6.6
-
cpe:2.3:a:10web:form_maker:1.7
-
cpe:2.3:a:10web:form_maker:1.7.1
-
cpe:2.3:a:10web:form_maker:1.7.10
-
cpe:2.3:a:10web:form_maker:1.7.11
-
cpe:2.3:a:10web:form_maker:1.7.12
-
cpe:2.3:a:10web:form_maker:1.7.13
-
cpe:2.3:a:10web:form_maker:1.7.14
-
cpe:2.3:a:10web:form_maker:1.7.15
-
cpe:2.3:a:10web:form_maker:1.7.16
-
cpe:2.3:a:10web:form_maker:1.7.17
-
cpe:2.3:a:10web:form_maker:1.7.18
-
cpe:2.3:a:10web:form_maker:1.7.2
-
cpe:2.3:a:10web:form_maker:1.7.21
-
cpe:2.3:a:10web:form_maker:1.7.22
-
cpe:2.3:a:10web:form_maker:1.7.23
-
cpe:2.3:a:10web:form_maker:1.7.24
-
cpe:2.3:a:10web:form_maker:1.7.25
-
cpe:2.3:a:10web:form_maker:1.7.26
-
cpe:2.3:a:10web:form_maker:1.7.27
-
cpe:2.3:a:10web:form_maker:1.7.28
-
cpe:2.3:a:10web:form_maker:1.7.29
-
cpe:2.3:a:10web:form_maker:1.7.30
-
cpe:2.3:a:10web:form_maker:1.7.31
-
cpe:2.3:a:10web:form_maker:1.7.32
-
cpe:2.3:a:10web:form_maker:1.7.33
-
cpe:2.3:a:10web:form_maker:1.7.34
-
cpe:2.3:a:10web:form_maker:1.7.35
-
cpe:2.3:a:10web:form_maker:1.7.37
-
cpe:2.3:a:10web:form_maker:1.7.38
-
cpe:2.3:a:10web:form_maker:1.7.39
-
cpe:2.3:a:10web:form_maker:1.7.4
-
cpe:2.3:a:10web:form_maker:1.7.40
-
cpe:2.3:a:10web:form_maker:1.7.42
-
cpe:2.3:a:10web:form_maker:1.7.43
-
cpe:2.3:a:10web:form_maker:1.7.44
-
cpe:2.3:a:10web:form_maker:1.7.45
-
cpe:2.3:a:10web:form_maker:1.7.46
-
cpe:2.3:a:10web:form_maker:1.7.47
-
cpe:2.3:a:10web:form_maker:1.7.48
-
cpe:2.3:a:10web:form_maker:1.7.49
-
cpe:2.3:a:10web:form_maker:1.7.5
-
cpe:2.3:a:10web:form_maker:1.7.50
-
cpe:2.3:a:10web:form_maker:1.7.51
-
cpe:2.3:a:10web:form_maker:1.7.52
-
cpe:2.3:a:10web:form_maker:1.7.53
-
cpe:2.3:a:10web:form_maker:1.7.54
-
cpe:2.3:a:10web:form_maker:1.7.55
-
cpe:2.3:a:10web:form_maker:1.7.56
-
cpe:2.3:a:10web:form_maker:1.7.57
-
cpe:2.3:a:10web:form_maker:1.7.58
-
cpe:2.3:a:10web:form_maker:1.7.59
-
cpe:2.3:a:10web:form_maker:1.7.6
-
cpe:2.3:a:10web:form_maker:1.7.60
-
cpe:2.3:a:10web:form_maker:1.7.61
-
cpe:2.3:a:10web:form_maker:1.7.62
-
cpe:2.3:a:10web:form_maker:1.7.63
-
cpe:2.3:a:10web:form_maker:1.7.64
-
cpe:2.3:a:10web:form_maker:1.7.65
-
cpe:2.3:a:10web:form_maker:1.7.66
-
cpe:2.3:a:10web:form_maker:1.7.67
-
cpe:2.3:a:10web:form_maker:1.7.68
-
cpe:2.3:a:10web:form_maker:1.7.69
-
cpe:2.3:a:10web:form_maker:1.7.7
-
cpe:2.3:a:10web:form_maker:1.7.70
-
cpe:2.3:a:10web:form_maker:1.7.71
-
cpe:2.3:a:10web:form_maker:1.7.73
-
cpe:2.3:a:10web:form_maker:1.7.74
-
cpe:2.3:a:10web:form_maker:1.7.75
-
cpe:2.3:a:10web:form_maker:1.7.76
-
cpe:2.3:a:10web:form_maker:1.7.77
-
cpe:2.3:a:10web:form_maker:1.7.78
-
cpe:2.3:a:10web:form_maker:1.7.79
-
cpe:2.3:a:10web:form_maker:1.7.8
-
cpe:2.3:a:10web:form_maker:1.7.80
-
cpe:2.3:a:10web:form_maker:1.7.81
-
cpe:2.3:a:10web:form_maker:1.7.82
-
cpe:2.3:a:10web:form_maker:1.7.83
-
cpe:2.3:a:10web:form_maker:1.7.84
-
cpe:2.3:a:10web:form_maker:1.7.85
-
cpe:2.3:a:10web:form_maker:1.7.86
-
cpe:2.3:a:10web:form_maker:1.7.87
-
cpe:2.3:a:10web:form_maker:1.7.88
-
cpe:2.3:a:10web:form_maker:1.7.89
-
cpe:2.3:a:10web:form_maker:1.7.9
-
cpe:2.3:a:10web:form_maker:1.7.90
-
cpe:2.3:a:10web:form_maker:1.7.91
-
cpe:2.3:a:10web:form_maker:1.7.92
-
cpe:2.3:a:10web:form_maker:1.7.93
-
cpe:2.3:a:10web:form_maker:1.7.94
-
cpe:2.3:a:10web:form_maker:1.7.95
-
cpe:2.3:a:10web:form_maker:1.7.96
-
cpe:2.3:a:10web:form_maker:1.7.97
-
cpe:2.3:a:10web:form_maker:1.8.0
-
cpe:2.3:a:10web:form_maker:1.8.1
-
cpe:2.3:a:10web:form_maker:1.8.10
-
cpe:2.3:a:10web:form_maker:1.8.11
-
cpe:2.3:a:10web:form_maker:1.8.12
-
cpe:2.3:a:10web:form_maker:1.8.13
-
cpe:2.3:a:10web:form_maker:1.8.14
-
cpe:2.3:a:10web:form_maker:1.8.15
-
cpe:2.3:a:10web:form_maker:1.8.16
-
cpe:2.3:a:10web:form_maker:1.8.17
-
cpe:2.3:a:10web:form_maker:1.8.18
-
cpe:2.3:a:10web:form_maker:1.8.19
-
cpe:2.3:a:10web:form_maker:1.8.2
-
cpe:2.3:a:10web:form_maker:1.8.20
-
cpe:2.3:a:10web:form_maker:1.8.21
-
cpe:2.3:a:10web:form_maker:1.8.22
-
cpe:2.3:a:10web:form_maker:1.8.23
-
cpe:2.3:a:10web:form_maker:1.8.24
-
cpe:2.3:a:10web:form_maker:1.8.25
-
cpe:2.3:a:10web:form_maker:1.8.26
-
cpe:2.3:a:10web:form_maker:1.8.27
-
cpe:2.3:a:10web:form_maker:1.8.28
-
cpe:2.3:a:10web:form_maker:1.8.29
-
cpe:2.3:a:10web:form_maker:1.8.3
-
cpe:2.3:a:10web:form_maker:1.8.30
-
cpe:2.3:a:10web:form_maker:1.8.31
-
cpe:2.3:a:10web:form_maker:1.8.32
-
cpe:2.3:a:10web:form_maker:1.8.33
-
cpe:2.3:a:10web:form_maker:1.8.34
-
cpe:2.3:a:10web:form_maker:1.8.35
-
cpe:2.3:a:10web:form_maker:1.8.36
-
cpe:2.3:a:10web:form_maker:1.8.37
-
cpe:2.3:a:10web:form_maker:1.8.38
-
cpe:2.3:a:10web:form_maker:1.8.39
-
cpe:2.3:a:10web:form_maker:1.8.4
-
cpe:2.3:a:10web:form_maker:1.8.40
-
cpe:2.3:a:10web:form_maker:1.8.41
-
cpe:2.3:a:10web:form_maker:1.8.5
-
cpe:2.3:a:10web:form_maker:1.8.6
-
cpe:2.3:a:10web:form_maker:1.8.7
-
cpe:2.3:a:10web:form_maker:1.8.8
-
cpe:2.3:a:10web:form_maker:1.8.9
-
cpe:2.3:a:10web:form_maker:1.9
-
cpe:2.3:a:10web:form_maker:1.9.1
-
cpe:2.3:a:10web:form_maker:1.9.10
-
cpe:2.3:a:10web:form_maker:1.9.11
-
cpe:2.3:a:10web:form_maker:1.9.12
-
cpe:2.3:a:10web:form_maker:1.9.13
-
cpe:2.3:a:10web:form_maker:1.9.14
-
cpe:2.3:a:10web:form_maker:1.9.15
-
cpe:2.3:a:10web:form_maker:1.9.16
-
cpe:2.3:a:10web:form_maker:1.9.17
-
cpe:2.3:a:10web:form_maker:1.9.18
-
cpe:2.3:a:10web:form_maker:1.9.2
-
cpe:2.3:a:10web:form_maker:1.9.3
-
cpe:2.3:a:10web:form_maker:1.9.5
-
cpe:2.3:a:10web:form_maker:1.9.6
-
cpe:2.3:a:10web:form_maker:1.9.7
-
cpe:2.3:a:10web:form_maker:1.9.8
-
cpe:2.3:a:10web:form_maker:1.9.9