High 7.5
2026-05-05< 1.15.43
CVE-2026-3359
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder
Minimum safe version
1.15.43
Update to 1.15.43 or later to address 49 fixable vulnerabilities
Latest available1.15.43 ✓
Medium 4.9
2026-04-17< 1.15.41
CVE-2026-3330
N/A
2026-02-02< 1.15.36
Form Maker by 10Web <= 1.15.35 - Unauthenticated Stored Cross-Site Scripting via SVG file
N/A
2026-02-02< 1.15.36
Form Maker by 10Web <= 1.15.35 - Unauthenticated Stored Cross-Site Scripting via Hidden Field
N/A
2026-04-13< 1.15.41
Form Maker by 10Web <= 1.15.40 - Unauthenticated Stored Cross-Site Scripting via Matrix Field Text Box
N/A
2026-04-08< 1.15.39
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.38 - Unauthenticated SQL Injection
N/A
2026-04-13< 1.15.38
CVE-2025-15441
N/A
2025-05-19< 1.15.34
CVE-2025-48341
Medium 4.8
2025-05-15< 1.15.33
CVE-2024-13053
Medium 4.8
2025-04-16< 1.15.32
CVE-2024-10680
Low 3.5
2025-03-25< 1.15.30
CVE-2024-10560
Low 3.5
2025-03-24< 1.15.30
CVE-2024-10558
Medium 4.8
2025-02-24< 1.15.33
CVE-2024-13605
Low 2.7
2025-01-07< 1.15.31
CVE-2024-10562
Medium 6.4
2024-12-04< 1.15.28
Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library
Medium 6.1
2024-11-11< 1.15.31
WordPress Form Maker by 10Web Plugin <= 1.15.30 is vulnerable to Cross Site Scripting (XSS)
Medium 4.8
2024-09-26< 1.15.28
CVE-2024-8633
Medium 6.1
2024-08-12< 1.15.27
CVE-2024-43220
Medium 4.8
2024-07-01< 1.15.26
CVE-2024-6130
Medium 4.8
2024-05-09< 1.15.25
CVE-2024-34437
Medium 5.4
2024-04-29< 1.15.25
WordPress Form Maker by 10Web Plugin <= 1.15.24 is vulnerable to Cross Site Scripting (XSS)
Medium 4.8
2024-04-17< 1.15.24
CVE-2024-32534
High 7.5
2024-04-09< 1.15.23
CVE-2024-2112
Medium 6.3
2024-01-29< 1.15.22
WordPress Form Maker by 10Web Plugin <= 1.15.21 is vulnerable to Cross Site Request Forgery (CSRF)
Medium 5.3
2024-06-04< 1.15.21
CVE-2023-48290
Critical 9.8
2023-10-16< 1.15.20
CVE-2023-4666
N/A
2023-10-11< 1.15.21
Form Maker <= 1.15.20 - Captcha Bypass
High 7.1
2023-10-18< 1.15.19
CVE-2023-45071
High 7.1
2023-10-18< 1.15.19
CVE-2023-45070
N/A
2023-09-07< 1.15.20
WordPress Form Maker by 10Web Plugin < 1.15.20 is vulnerable to Arbitrary File Upload
N/A
2023-09-07< 1.15.20
Form Maker by 10Web <= 1.15.19 - Unauthenticated Arbitrary File Upload
N/A
2023-06-14< 1.15.17
Form Maker <= 1.15.16 - Missing Authorization in check_score
N/A
< 1.6.6
Form Maker 1.6.4 - front_end_form_maker.php Unspecified XSS
N/A
< 1.13.36
Form Maker by 10Web < 1.13.36 - Authenticated SQL Injection
N/A
< 1.13.40
Form Maker by 10Web < 1.13.40 - Authenticated Reflected XSS
N/A
2020-05-26< 1.13.36
Form Maker by 10Web <= 1.13.35 - SQL Injection
N/A
2020-07-12< 1.13.40
Form Maker by 10Web < 1.13.40 - Reflected Cross-Site Scripting
High 7.2
2022-10-25< 1.15.6
CVE-2022-3300
N/A
2014-08-01< 1.6.6
WordPress Form Maker Plugin <= 1.6.4 - Unspecified Cross Site Scripting
Medium 4.8
2022-05-30< 1.14.12
CVE-2022-1564
N/A
2019-04-10< 1.13.5
WordPress Form Maker by 10Web plugin <= 1.13.4 - Cross-Site Request Forgery (CSRF) vulnerability
N/A
2020-05-26< 1.13.36
WordPress Form Maker by 10Web plugin <= 1.13.35 - Authenticated SQL Injection (SQLi) vulnerability
N/A
2020-07-12< 1.13.40
WordPress Form Maker by 10Web plugin <= 1.13.39 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability
N/A
2021-05-19< 1.13.57
WordPress Form Maker by 10Web plugin <= 1.13.56 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability
N/A
2021-05-19< 1.13.57
WordPress Form Maker by 10Web plugin <= 1.13.56 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities
High 7.8
2018-04-27< 1.12.24
CVE-2018-10504
High 8.8
2019-04-29< 1.13.5
CVE-2019-11590
Critical 9.8
2019-05-25< 1.13.3
WordPress Form Maker by 10Web plugin <= 1.13.2 - Authenticated SQL Injection (SQLi) vulnerability
Medium 5.4
2021-08-16< 1.13.60
CVE-2021-24526