cleantalk
Vulnerabilities and Security Researches

Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder, CVE-2025-48341

CVE, Research URL

CVE-2025-48341

Home page URL

Security reports for Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder

Application

Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder

Published on
May 19, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 10Web Form Maker by 10Web allows Stored XSS. This issue affects Form Maker by 10Web: from n/a through 1.15.33.
Affected versions
Min -, max 1.15.33.
Status
vulnerable
Previous vulnerability researches
Geo2 Maps Add-on for NextGEN Gallery (4624f982-a331-414c-88c3-12761807ec95) , Jun 07, 2024
New vulnerability
Product Code for WooCommerce (CVE-2025-48264) , May 22, 2025
bunny.net – WordPress CDN Plugin (CVE-2025-48236) , May 22, 2025
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder (CVE-2025-48341) , May 21, 2025
Back Button Widget (CVE-2025-48252) , May 21, 2025
Cloudflare Turnstile or reCAPTCHA For All Pages, to Block Spam and Hackers Attack, Block Visitors from China (CVE-2025-48243) , May 21, 2025