10web
Web & CMS Pluginscommercial
Latest CVEs
The 15 most recently published vulnerabilities affecting 10web.
- CVE-2026-11776Form Maker by 10Web <= 1.15.43 - Authenticated (Adminsitrator+) SQL Injection via 'groupids' Parameter4.9
- CVE-2026-11777Form Maker by 10Web <= 1.15.43 - Authenticated (Administrator+) SQL Injection via 'name' Parameter4.9
- CVE-2026-39502WordPress Form Maker by 10Web plugin <= 1.15.38 - SQL Injection vulnerability9.3
- CVE-2026-9829Photo Gallery by 10Web <= 1.8.41 - Authenticated (Contributor+) SQL Injection via 'compact_album_order_by' Shortcode Parameter6.5
- CVE-2026-49771WordPress Photo Gallery by 10Web plugin <= 1.8.41 - SQL Injection vulnerability7.6
- CVE-2026-7048Photo Gallery by 10Web <= 1.8.40 - Authenticated (Contributor+) SQL Injection via 'order_by' Shortcode Attribute6.5
- CVE-2018-25346WordPress Form Maker Plugin 1.12.24 SQL Injection via admin-ajax.php7.1
- CVE-2026-3359Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.42 - Unauthenticated SQL Injection via 'inputs'7.5
- CVE-2026-3330Form Maker by 10Web <= 1.15.40 - Authenticated (Administrator+) SQL Injection via 'ip_search' Parameter4.9
- CVE-2026-4388Form Maker by 10Web <= 1.15.40 - Unauthenticated Stored Cross-Site Scripting via Matrix Field Text Box7.2
- CVE-2026-32330WordPress Photo Gallery by 10Web plugin <= 1.8.37 - Cross Site Request Forgery (CSRF) vulnerability4.3
- CVE-2026-27360WordPress Photo Gallery by 10Web plugin <= 1.8.38 - Cross Site Scripting (XSS) vulnerability5.9
- CVE-2026-1058Form Maker by 10Web <= 1.15.35 - Unauthenticated Stored Cross-Site Scripting via Hidden Field7.1
- CVE-2026-1065Form Maker by 10Web <= 1.15.35 - Unauthenticated Stored Cross-Site Scripting via SVG file7.2
- CVE-2026-1036Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.36 - Missing Authorization to Unauthenticated Arbitrary Comment Deletion5.3