CVE-2019-11590

The 10Web Form Maker plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $POST'action' value and the $GET'action' value, and the latter is...

CVE-2024-34437

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 10Web Form Builder Team Form Maker by 10Web allows Stored XSS.This issue affects Form Maker by 10Web: from n/a through 1.15.24...

EUVD-2024-30336

Malicious code in bioql PyPI...

EUVD-2024-40116

Malicious code in bioql PyPI...

CVE-2024-32534

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 10Web Form Builder Team Form Maker by 10Web allows Stored XSS.This issue affects Form Maker by 10Web: from n/a through 1.15.23...

CVE-2023-45071

Unauth. Stored Cross-Site Scripting XSS vulnerability in 10Web Form Builder Team Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin = 1.15.18 versions...

CVE-2025-48341

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 10Web Form Maker by 10Web form-maker allows Stored XSS.This issue affects Form Maker by 10Web: from n/a through = 1.15.33...

CVE-2025-48341

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 10Web Form Maker by 10Web form-maker allows Stored XSS.This issue affects Form Maker by 10Web: from n/a through = 1.15.33...

CVE-2025-48341

CVE-2025-48341 : A stored XSS in the WordPress plugin Form Maker by 10Web (versions ≤ 1.15.33) is caused by improper input neutralization during web page generation. The vulnerability affects the 10Web Form Maker component and requires authenticated access to exploit. A patch exists: upgrade to a...

PT-2025-21992 · 10Web · 10Web Form Maker

Name of the Vulnerable Software and Affected Versions: 10Web Form Maker by 10Web versions 1.15.33 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker...

CVE-2024-43220

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in 10Web Form Builder Team Form Maker by 10Web allows Reflected XSS.This issue affects Form Maker by 10Web: from n/a through 1.15.26...

CVE-2023-48290

Improper Restriction of Excessive Authentication Attempts vulnerability in 10Web Form Builder Team Form Maker by 10Web allows Functionality Bypass.This issue affects Form Maker by 10Web: from n/a through 1.15.20...

CVE-2024-32534

CVE-2024-32534 affects Form Maker (WordPress plugin) by 10Web, with stored XSS due to improper input neutralization during web page generation. Public references confirm the issue and affected range (Form Maker by 10Web:

CVE-2019-11590

The 10Web Form Maker plugin before 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $POST'action' value and the $GET'action' value, and the latter is...

CVE-2019-11590

The 10Web Form Maker plugin for WordPress is affected by CVE-2019-11590 (versions