Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder — Vulnerabilities & Security Advisories 14

All 14 CVE vulnerabilities found in Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder, with AI-generated Chinese analysis, references, and POCs.

Vendor: Unknown

CVE IDTitleCVSSSeverityPublished
CVE-2026-3330 Form Maker by 10Web <= 1.15.40 - Authenticated (Administrator+) SQL Injection via 'ip_search' Parameter CWE-89 4.9 Medium2026-04-17
CVE-2026-4388 Form Maker by 10Web <= 1.15.40 - Unauthenticated Stored Cross-Site Scripting via Matrix Field Text Box CWE-79 7.2 High2026-04-14
CVE-2026-1058 Form Maker by 10Web <= 1.15.35 - Unauthenticated Stored Cross-Site Scripting via Hidden Field CWE-79 7.1 High2026-02-03
CVE-2026-1065 Form Maker by 10Web <= 1.15.35 - Unauthenticated Stored Cross-Site Scripting via SVG file CWE-434 7.2 High2026-02-03
CVE-2024-10265 Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.30 - Reflected Cross-Site Scripting via add_query_arg Parameter CWE-79 6.1 Medium2024-11-10
CVE-2024-8633 Form Maker <= 1.15.27 - Authenticated (Administrator+) Stored Cross-Site Scripting CWE-79 5.5 Medium2024-09-26
CVE-2024-2258 Form Maker by 10Web <= 1.15.24 - Authenticated (Subscriber+) Stored Self-Based Cross-Site Scripting CWE-79 4.4 Medium2024-04-27
CVE-2024-2112 Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.22 - Sensitive Information Exposure CWE-287 5.9 Medium2024-04-09
CVE-2024-0667 Form-Maker (twb_form-maker) <= 1.15.21 - Cross-Site Request Forgery to Limited Code Execution via Execute CWE-1078 5.4 Medium2024-01-27
CVE-2023-45071 WordPress Form Maker by 10Web Plugin <= 1.15.18 is vulnerable to Cross Site Scripting (XSS) CWE-79 7.1 High2023-10-18
CVE-2023-45070 WordPress Form Maker by 10Web Plugin <= 1.15.18 is vulnerable to Cross Site Scripting (XSS) CWE-79 7.1 High2023-10-18
CVE-2022-3300 Form Maker by 10Web < 1.15.6 - Admin+ SQLI CWE-89 7.2 -2022-10-25
CVE-2022-1564 Form Maker By 10Web < 1.14.12 - Admin+ Stored Cross-Site Scripting CWE-79 4.8 -2022-05-30
CVE-2021-24526 Form Maker < 1.13.60 - Authenticated Stored XSS CWE-79 5.4 -2021-08-16

All 14 known CVE vulnerabilities affecting Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder with full Chinese analysis, references, and POCs where available.