| CVE-2026-3330 | Form Maker by 10Web <= 1.15.40 - Authenticated (Administrator+) SQL Injection via 'ip_search' Parameter | 10web | Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | Medium | 4.9 | 2026-04-17 03:36:44 | Deep Dive |
| CVE-2026-4388 | Form Maker by 10Web <= 1.15.40 - Unauthenticated Stored Cross-Site Scripting via Matrix Field Text Box | 10web | Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | High | 7.2 | 2026-04-14 02:25:48 | Deep Dive |
| CVE-2025-13079 | Popup Builder - Create highly converting, mobile friendly marketing popups. <= 4.4.2 - Improper Authorization to Unauthenticated Subscriber Removal via Predictable Tokens | popupbuilder | Popup Builder – Create highly converting, mobile friendly marketing popups. | Medium | 5.3 | 2026-02-19 03:25:15 | Deep Dive |
| CVE-2026-1058 | Form Maker by 10Web <= 1.15.35 - Unauthenticated Stored Cross-Site Scripting via Hidden Field | 10web | Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | High | 7.1 | 2026-02-03 06:38:06 | Deep Dive |
| CVE-2026-1065 | Form Maker by 10Web <= 1.15.35 - Unauthenticated Stored Cross-Site Scripting via SVG file | 10web | Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | High | 7.2 | 2026-02-03 06:38:04 | Deep Dive |
| CVE-2025-13029 | Knowband Mobile App Builder for wooCommerce < 3.0.0 – Unauthenticated Arbitrary User Deletion | Unknown | Knowband Mobile App Builder | 高危 | - | 2025-12-31 06:00:03 | Deep Dive |
| CVE-2025-68860 | WordPress Mobile builder plugin <= 1.4.2 - Broken Authentication vulnerability | Mobile Builder | Mobile builder | Critical | 9.8 | 2025-12-29 21:08:56 | Deep Dive |
| CVE-2025-9856 | Popup Builder – Create highly converting, mobile friendly marketing popups. <= 4.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | popupbuilder | Popup Builder – Create highly converting, mobile friendly marketing popups. | Medium | 6.4 | 2025-12-13 08:21:15 | Deep Dive |
| CVE-2024-5020 | Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library | extendthemes | Colibri Page Builder | Medium | 6.4 | 2024-12-04 08:22:47 | Deep Dive |
| CVE-2024-10265 | Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.30 - Reflected Cross-Site Scripting via add_query_arg Parameter | 10web | Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | Medium | 6.1 | 2024-11-10 12:30:34 | Deep Dive |
| CVE-2024-50528 | WordPress Stacks Mobile App Builder plugin <= 5.2.3 - Sensitive Data Exposure vulnerability | Stacks | Stacks Mobile App Builder | High | 7.5 | 2024-11-04 14:07:19 | Deep Dive |
| CVE-2024-50527 | WordPress Stacks Mobile App Builder plugin <= 5.2.3 - Arbitrary File Upload vulnerability | Stacks | Stacks Mobile App Builder | Critical | 10.0 | 2024-11-04 13:42:39 | Deep Dive |
| CVE-2024-50477 | WordPress Stacks Mobile App Builder plugin <= 5.2.3 - Account Takeover vulnerability | Stacks | Stacks Mobile App Builder | Critical | 9.8 | 2024-10-28 11:23:07 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-8633 | Form Maker <= 1.15.27 - Authenticated (Administrator+) Stored Cross-Site Scripting | 10web | Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | Medium | 5.5 | 2024-09-26 11:32:39 | Deep Dive |
| CVE-2024-2541 | Popup Builder <= 4.3.6 - Sensitive Information Exposure via Imported Subscribers CSV File | popupbuilder | Popup Builder – Create highly converting, mobile friendly marketing popups. | Medium | 5.3 | 2024-08-29 12:31:09 | Deep Dive |
| CVE-2023-6696 | Popup Builder – Create highly converting, mobile friendly marketing popups <= 4.3.1 - Missing Authorization and Nonce Exposure | popupbuilder | Popup Builder – Create highly converting, mobile friendly marketing popups. | High | 8.1 | 2024-06-15 02:02:01 | Deep Dive |
| CVE-2024-2544 | Popup Builder <= 4.3.0 - Missing Authorization in Multiple AJAX Actions | popupbuilder | Popup Builder – Create highly converting, mobile friendly marketing popups. | High | 7.4 | 2024-06-15 02:01:58 | Deep Dive |
| CVE-2024-2506 | Popup Builder <= 4.2.7 - Authenticated(Contributor+) Stored Cross-Site Scripting via Custom JS | popupbuilder | Popup Builder – Create highly converting, mobile friendly marketing popups. | Medium | 6.4 | 2024-06-01 06:51:49 | Deep Dive |
| CVE-2024-2258 | Form Maker by 10Web <= 1.15.24 - Authenticated (Subscriber+) Stored Self-Based Cross-Site Scripting | 10web | Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | Medium | 4.4 | 2024-04-27 03:33:35 | Deep Dive |