PT-2024-18832 · 10Web · The Form Maker
Tim Coen
·
Published
2024-03-26
·
Updated
2025-11-20
·
CVE-2024-2112
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
The Form Maker by 10Web versions up to, and including, 1.15.22
Description
The issue allows unauthenticated attackers to extract sensitive data, including user signatures, due to sensitive information exposure via the signature functionality. This makes it possible for attackers to access sensitive information without proper authentication.
Recommendations
For versions up to, and including, 1.15.22: Update the plugin immediately to prevent sensitive data exposure.
As a temporary workaround, consider disabling the signature functionality until a patch is available.
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
The Form Maker