Form maker by 10web – mobile-friendly drag & drop contact form builder
This hub aggregates every CVE we track for Form maker by 10web – mobile-friendly drag & drop contact form builder, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.
15
CVEs tracked
0
Critical
6
High
0
In CISA KEV
Severity distribution
MEDIUM9HIGH6
Monthly trend
0
0
1
0
1
1
0
0
0
0
0
0
0
0
0
0
0
0
0
2
0
2
1
2
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Form maker by 10web – mobile-friendly drag & drop contact form builder.
- CVE-2026-11776Form Maker by 10Web <= 1.15.43 - Authenticated (Adminsitrator+) SQL Injection via 'groupids' Parameter4.9
- CVE-2026-11777Form Maker by 10Web <= 1.15.43 - Authenticated (Administrator+) SQL Injection via 'name' Parameter4.9
- CVE-2026-3359Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.42 - Unauthenticated SQL Injection via 'inputs'7.5
- CVE-2026-3330Form Maker by 10Web <= 1.15.40 - Authenticated (Administrator+) SQL Injection via 'ip_search' Parameter4.9
- CVE-2026-4388Form Maker by 10Web <= 1.15.40 - Unauthenticated Stored Cross-Site Scripting via Matrix Field Text Box7.2
- CVE-2026-1058Form Maker by 10Web <= 1.15.35 - Unauthenticated Stored Cross-Site Scripting via Hidden Field7.1
- CVE-2026-1065Form Maker by 10Web <= 1.15.35 - Unauthenticated Stored Cross-Site Scripting via SVG file7.2
- CVE-2024-5020Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library6.4
- CVE-2024-10265Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.30 - Reflected Cross-Site Scripting via add_query_arg Parameter6.1
- CVE-2024-8633Form Maker <= 1.15.27 - Authenticated (Administrator+) Stored Cross-Site Scripting5.5
- CVE-2024-2258Form Maker by 10Web <= 1.15.24 - Authenticated (Subscriber+) Stored Self-Based Cross-Site Scripting4.4
- CVE-2024-2112Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.22 - Sensitive Information Exposure5.9
- CVE-2024-0667Form-Maker (twb_form-maker) <= 1.15.21 - Cross-Site Request Forgery to Limited Code Execution via Execute5.4
- CVE-2023-45071WordPress Form Maker by 10Web Plugin <= 1.15.18 is vulnerable to Cross Site Scripting (XSS)7.1
- CVE-2023-45070WordPress Form Maker by 10Web Plugin <= 1.15.18 is vulnerable to Cross Site Scripting (XSS)7.1
Product normalization is registry-driven with AI assist and human review. How it works