10web
Web & CMS Pluginscommercial
Top products
Latest CVEs
The 15 most recently published vulnerabilities affecting 10web.
- CVE-2026-11776Form Maker by 10Web <= 1.15.43 - Authenticated (Adminsitrator+) SQL Injection via 'groupids' Parameter4.9
- CVE-2026-11777Form Maker by 10Web <= 1.15.43 - Authenticated (Administrator+) SQL Injection via 'name' Parameter4.9
- CVE-2026-39502WordPress Form Maker by 10Web plugin <= 1.15.38 - SQL Injection vulnerability9.3
- CVE-2026-49771WordPress Photo Gallery by 10Web plugin <= 1.8.41 - SQL Injection vulnerability7.6
- CVE-2018-25346WordPress Form Maker Plugin 1.12.24 SQL Injection via admin-ajax.php7.1
- CVE-2026-3359Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.42 - Unauthenticated SQL Injection via 'inputs'7.5
- CVE-2026-3330Form Maker by 10Web <= 1.15.40 - Authenticated (Administrator+) SQL Injection via 'ip_search' Parameter4.9
- CVE-2026-4388Form Maker by 10Web <= 1.15.40 - Unauthenticated Stored Cross-Site Scripting via Matrix Field Text Box7.2
- CVE-2026-32330WordPress Photo Gallery by 10Web plugin <= 1.8.37 - Cross Site Request Forgery (CSRF) vulnerability4.3
- CVE-2026-27360WordPress Photo Gallery by 10Web plugin <= 1.8.38 - Cross Site Scripting (XSS) vulnerability5.9
- CVE-2026-1058Form Maker by 10Web <= 1.15.35 - Unauthenticated Stored Cross-Site Scripting via Hidden Field7.1
- CVE-2026-1065Form Maker by 10Web <= 1.15.35 - Unauthenticated Stored Cross-Site Scripting via SVG file7.2
- CVE-2026-1036Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.36 - Missing Authorization to Unauthenticated Arbitrary Comment Deletion5.3
- CVE-2020-3685310WebMapBuilder <= 1.0.63 - Unauthenticated Stored Cross-Site Scripting via Plugin Settings Change7.2
- CVE-2025-48341WordPress Form Maker by 10Web plugin <= 1.15.33 - Cross Site Scripting (XSS) Vulnerability5.9