CVE-2025-15441

NONE EPSS 0.01%

Apr 13, 2026

Updated Apr 13, 2026

Unknown

Parameter	Value
Affected Versions	before 1.15.38
Type	CWE-89 SQL Injection
Vendor	Unknown
Public PoC	No

The Form Maker by 10Web WordPress plugin before 1.15.38 does not properly prepare SQL queries when the "MySQL Mapping" feature is in use, which could make SQL Injection attacks possible in certain contexts.

Weakness Type (CWE)

CWE-89 SQL Injection

Vulnerable Products

unknown:form maker by 10web

References 1

https://wpscan.com/vulnerability/41f69b0a-4d17-4a6b-b803-ea1c370e3cc0/

contact@wpscan.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-3830

Unknown

None

CVE-2026-4432

Unknown

6.5

CVE-2026-4338

Unknown

None

CVE-2026-4079

Guaven

6.5

CVE-2026-1900

Unknown

6.5

CVE Details

CVE ID

CVE-2025-15441

Published Date

Apr 13, 2026

Vendor

Unknown

Severity

NONE

Exploit Prediction (EPSS)

Probability of Exploit 0.01%

Likelihood of exploitation in next 30 days

Percentile: 2.6th percentile (higher than 2.6% of all CVEs)

Standard patching cycle

Impact

Minimal impact

Source

View Advisory

Menu

CVE-2025-15441

Weakness Type (CWE)

Vulnerable Products

References 1

Related Vulnerabilities

CVE-2026-3830

CVE-2026-4432

CVE-2026-4338

CVE-2026-4079

CVE-2026-1900

CVE Details

Editor's Choice

Menu

CVE-2025-15441

Weakness Type (CWE)

Vulnerable Products

References 1

Related Vulnerabilities

CVE-2026-3830

CVE-2026-4432

CVE-2026-4338

CVE-2026-4079

CVE-2026-1900

CVE Details

Editor's Choice

Stay informed on cybersecurity