CVE-2024-6130

4.8 MEDIUM

📋 TL;DR

This vulnerability in the Form Maker by 10Web WordPress plugin lets a user with administrator privileges store malicious scripts in the plugin's settings. When another user views the affected page, the script runs in that user's browser, which makes this a stored cross-site scripting flaw. The injection succeeds even when the unfiltered_html capability is disallowed, so WordPress multisite installations, where that capability is often restricted by default, are particularly affected.

💻 Affected Systems

Products:
  • Form Maker by 10Web WordPress Plugin
Versions: All versions before 1.15.26
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Particularly dangerous in WordPress multisite configurations where unfiltered_html capability is often restricted by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Administrator account compromise leading to full site takeover, data theft, credential harvesting from all users, and malware distribution to visitors.

🟠 Likely Case

A privileged admin user could inject malicious scripts to steal session cookies from other administrators or editors, potentially escalating privileges or compromising accounts.

🟢 If Mitigated

Limited to authenticated admin users only, with impact contained to the specific WordPress site if proper user access controls and monitoring are in place.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires admin-level access to WordPress. Exploitation is straightforward once authenticated as an administrator.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.15.26

Vendor Advisory: https://wpscan.com/vulnerability/bbed2968-4bd6-49ae-bd61-8a1f751e7041/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Form Maker by 10Web'.
4. Click 'Update Now' if an update is available.
5. Alternatively, download version 1.15.26+ from the WordPress repository and update manually.

🔧 Temporary Workarounds

Temporary Plugin Deactivation (applies to: all)

Disable the vulnerable plugin until patched:

  wp plugin deactivate form-maker

Restrict Admin Access (applies to: all)

Temporarily limit administrator accounts to only essential personnel.

🧯 If You Can't Patch

  • Implement strict user access controls and monitor admin activity logs
  • Deploy web application firewall with XSS protection rules

🔍 How to Verify

Check if Vulnerable:

In the WordPress admin panel, go to Plugins → Form Maker by 10Web and read the version number. If the version is below 1.15.26, the site is vulnerable.

Check Version:

  wp plugin get form-maker --field=version

Verify Fix Applied:

Confirm plugin version is 1.15.26 or higher in WordPress admin panel.
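The version check above, as an added shell example that is not part of the original advisory: it compares the WP-CLI output against the fixed version field by field, because a plain string comparison would rank 1.9.x above 1.15.26. It assumes WP-CLI (`wp`) is on PATH and that the script is run from the site root.

```shell
#!/bin/sh
# Fixed version taken from the advisory
FIXED_VERSION="1.15.26"

# Compare two dotted versions numerically, field by field.
# Prints -1 if a < b, 0 if equal, 1 if a > b. Missing fields count as 0.
version_cmp() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    na = split(a, x, "."); nb = split(b, y, ".")
    n = (na > nb) ? na : nb
    for (i = 1; i <= n; i++) {
      xi = (i <= na) ? x[i] + 0 : 0
      yi = (i <= nb) ? y[i] + 0 : 0
      if (xi < yi) { print -1; exit }
      if (xi > yi) { print 1; exit }
    }
    print 0
  }'
}

# True (exit 0) when the installed version is strictly below the fixed version
is_vulnerable() {
  [ "$(version_cmp "$1" "$FIXED_VERSION")" -lt 0 ]
}

# Query the installed plugin version through WP-CLI and report.
# Exit codes: 0 = patched, 1 = vulnerable, 2 = plugin/WP-CLI not available.
check_site() {
  v=$(wp plugin get form-maker --field=version 2>/dev/null) || {
    echo "form-maker not installed or wp unavailable"; return 2; }
  if is_vulnerable "$v"; then
    echo "VULNERABLE: form-maker $v is below $FIXED_VERSION"; return 1
  fi
  echo "OK: form-maker $v"
}
```

Run `check_site` from the WordPress root; on a multisite install, run it once per site with `--url=<site>` added to the `wp` command.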

📡 Detection & Monitoring

Log Indicators:

  • Unusual admin activity modifying form settings
  • JavaScript payloads in form configuration data
  • Multiple failed login attempts followed by successful admin login

Network Indicators:

  • Unexpected JavaScript loading from form endpoints
  • Suspicious outbound connections after form submissions

SIEM Query:

  source="wordpress.log" AND ("form-maker" OR "form_maker") AND ("update" OR "modify" OR "save") AND admin_user=*
