10web Form Maker By 10web – Mobile-friendly Drag & Drop Contact Form Builder
11 CVEs affecting 10web Form Maker By 10web – Mobile-friendly Drag & Drop Contact Form Builder. Latest disclosed: 2026-05-05. Critical: 0, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-3359 | High | 7.5 | 2026-05-05 | The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to SQL Injection via the 'inputs' parameter in ve… |
CVE-2026-4388 | High | 7.2 | 2026-04-14 | The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Matrix field (Text Box input type) in form submissions in all… |
CVE-2026-1065 | High | 7.2 | 2026-02-03 | The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.15.35. This is due to the plu… |
CVE-2026-1058 | High | 7.1 | 2026-02-03 | The Form Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via hidden field values in all versions up to, and including, 1.15.35. This is… |
CVE-2024-5020 | Medium | 6.4 | 2024-12-04 | Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library (versions 1.3.4 to 3.5.7) in… |
CVE-2024-10265 | Medium | 6.1 | 2024-11-10 | The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use… |
CVE-2024-2112 | Medium | 5.9 | 2024-04-09 | The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions… |
CVE-2024-8633 | Medium | 5.5 | 2024-09-26 | The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up… |
CVE-2024-0667 | Medium | 5.4 | 2024-01-27 | The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up… |
CVE-2026-3330 | Medium | 4.9 | 2026-04-17 | The Form Maker by 10Web plugin for WordPress is vulnerable to SQL Injection via the 'ip_search', 'startdate', 'enddate', 'username_search', and 'useremail_sear… |
CVE-2024-2258 | Medium | 4.4 | 2024-04-27 | The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's displ… |