Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

10Web — Vulnerabilities & Security Advisories 41

Browse all 41 CVE security advisories affecting 10Web. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by 10Web:Photo Gallery by 10Web – Mobile-Friendly Image GalleryForm Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form BuilderPhotoGalleryPhoto Gallery by 10Web10Web Map Builder for Google Maps10WebAnalyticsSEO by 10WebWDContactFormBuilderWD WidgetTwitter10Web AI Assistant – AI content writing assistantSlider by 10WebSlider by 10Web – Responsive Image Slider10Web Social Post FeedForm Maker by 10Web10Web Booster – Website speed optimization, Cache & Page Speed optimizer
CVE IDTitleCVSSSeverityPublished
CVE-2026-3330 Form Maker by 10Web <= 1.15.40 - Authenticated (Administrator+) SQL Injection via 'ip_search' Parameter — Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form BuilderCWE-89 4.9 Medium2026-04-17
CVE-2026-4388 Form Maker by 10Web <= 1.15.40 - Unauthenticated Stored Cross-Site Scripting via Matrix Field Text Box — Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form BuilderCWE-79 7.2 High2026-04-14
CVE-2026-32330 WordPress Photo Gallery by 10Web plugin <= 1.8.37 - Cross Site Request Forgery (CSRF) vulnerability — Photo Gallery by 10WebCWE-352 8.8 -2026-03-13
CVE-2026-27360 WordPress Photo Gallery by 10Web plugin <= 1.8.38 - Cross Site Scripting (XSS) vulnerability — Photo Gallery by 10WebCWE-79 5.4AIMediumAI2026-02-19
CVE-2026-1058 Form Maker by 10Web <= 1.15.35 - Unauthenticated Stored Cross-Site Scripting via Hidden Field — Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form BuilderCWE-79 7.1 High2026-02-03
CVE-2026-1065 Form Maker by 10Web <= 1.15.35 - Unauthenticated Stored Cross-Site Scripting via SVG file — Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form BuilderCWE-434 7.2 High2026-02-03
CVE-2026-1036 Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.36 - Missing Authorization to Unauthenticated Arbitrary Comment Deletion — Photo Gallery by 10Web – Mobile-Friendly Image GalleryCWE-862 5.3 Medium2026-01-21
CVE-2025-13377 10Web Booster <= 2.32.7 - Authenticated (Subscriber+) Arbitrary Folder Deletion via two_clear_page_cache — 10Web Booster – Website speed optimization, Cache & Page Speed optimizerCWE-22 9.6 Critical2025-12-06
CVE-2020-36853 10WebMapBuilder <= 1.0.63 - Unauthenticated Stored Cross-Site Scripting via Plugin Settings Change — 10Web Map Builder for Google MapsCWE-79 7.2 High2025-10-18
CVE-2025-48341 WordPress Form Maker by 10Web plugin <= 1.15.33 - Cross Site Scripting (XSS) Vulnerability — Form Maker by 10WebCWE-79 5.9 Medium2025-05-19
CVE-2025-2269 Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.34 Reflected Cross-Site Scripting via 'image_id' Parameter — Photo Gallery by 10Web – Mobile-Friendly Image GalleryCWE-79 6.1 Medium2025-04-11
CVE-2023-45272 WordPress 10Web Map Builder for Google Maps plugin <= 1.0.73 - Notice Dismissal Vulnerability — 10Web Map Builder for Google MapsCWE-862 5.4 Medium2025-01-02
CVE-2023-47807 WordPress 10WebAnalytics plugin <= 1.2.12 - Broken Access Control vulnerability — 10WebAnalyticsCWE-862 9.1 -2025-01-02
CVE-2023-33995 WordPress Photo Gallery by 10Web plugin <= 1.8.15 - Broken Access Control vulnerability — Photo Gallery by 10WebCWE-862 4.3 Medium2024-12-13
CVE-2024-10265 Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.30 - Reflected Cross-Site Scripting via add_query_arg Parameter — Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form BuilderCWE-79 6.1 Medium2024-11-10
CVE-2024-9878 Photo Gallery by 10Web <= 1.8.30 - Authenticated (Administrator+) Stored Cross-Site Scripting — Photo Gallery by 10Web – Mobile-Friendly Image GalleryCWE-79 4.4 Medium2024-11-05
CVE-2024-9607 10Web Social Post Feed <= 1.2.9 - Reflected Cross-Site Scripting — 10Web Social Post FeedCWE-79 6.1 Medium2024-10-25
CVE-2024-44043 WordPress Photo Gallery by 10Web plugin <= 1.8.27 - Cross Site Scripting (XSS) vulnerability — Photo Gallery by 10WebCWE-79 5.9 Medium2024-10-06
CVE-2024-8633 Form Maker <= 1.15.27 - Authenticated (Administrator+) Stored Cross-Site Scripting — Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form BuilderCWE-79 5.5 Medium2024-09-26
CVE-2024-7150 Slider by 10Web – Responsive Image Slider <= 1.2.57 - Authenticated (Contributor+) SQL Injection via id Parameter — Slider by 10Web – Responsive Image SliderCWE-89 8.8 High2024-08-08
CVE-2024-5481 Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.23 - Authenticated (Contributor+) Path Traversal via esc_dir Function — Photo Gallery by 10Web – Mobile-Friendly Image GalleryCWE-35 6.8 Medium2024-06-07
CVE-2024-5426 Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via Zipped SVG — Photo Gallery by 10Web – Mobile-Friendly Image GalleryCWE-79 6.4 Medium2024-06-07
CVE-2024-2258 Form Maker by 10Web <= 1.15.24 - Authenticated (Subscriber+) Stored Self-Based Cross-Site Scripting — Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form BuilderCWE-79 4.4 Medium2024-04-27
CVE-2024-32578 WordPress Sliderby10Web plugin <= 1.2.54 - Cross Site Scripting (XSS) vulnerability — Slider by 10WebCWE-79 7.1 High2024-04-18
CVE-2024-2112 Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.22 - Sensitive Information Exposure — Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form BuilderCWE-287 5.9 Medium2024-04-09
CVE-2024-2296 Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.21 - Authenticated (Admin+) Stored Cross-Site Scripting via SVG — Photo Gallery by 10Web – Mobile-Friendly Image GalleryCWE-79 5.5 Medium2024-04-06
CVE-2024-31116 WordPress 10Web Map Builder for Google Maps plugin <= 1.0.74 - SQL Injection vulnerability — 10Web Map Builder for Google MapsCWE-89 7.6 High2024-03-31
CVE-2024-29833 WordPress Photo Gallery Plugin <= 1.8.21 Stored Cross Site Scripting in UploadHandler — PhotoGalleryCWE-79 5.4 Medium2024-03-26
CVE-2024-29810 WordPress Photo Gallery Plugin <= 1.8.21 Reflected Cross Site Scripting in editimage_bwg thumb_url — PhotoGalleryCWE-79 5.4 Medium2024-03-26
CVE-2024-29809 WordPress Photo Gallery Plugin <= 1.8.21 Reflected Cross Site Scripting in editimage_bwg image_url — PhotoGalleryCWE-79 5.4 Medium2024-03-26

This page lists every published CVE security advisory associated with 10Web. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.