10web — Vulnerabilities & Security Advisories 41

Browse all 41 CVE security advisories affecting 10web. AI-powered Chinese analysis, POCs, and references for each vulnerability.

10Web operates as an automated WordPress hosting and management platform, primarily serving small to medium-sized businesses seeking simplified site deployment and maintenance. Security audits have identified forty-one Common Vulnerabilities and Exposures (CVEs) associated with its infrastructure and software components. Historically, these flaws predominantly involve remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from outdated dependencies or misconfigured server environments. While no single catastrophic data breach has been publicly attributed directly to 10Web’s core platform, the high volume of CVEs indicates persistent challenges in patch management and code review processes. The organization generally responds to disclosures by releasing updates, yet the accumulation of unresolved or legacy issues suggests a reactive rather than proactive security posture. Users relying on this service must remain vigilant regarding plugin compatibility and server configuration to mitigate risks associated with these documented weaknesses.

| CVE ID | Title | Affected product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-3359 | Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.42 - Unauthenticated SQL Injection via 'inputs' | Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | CWE-89 | 7.5 | High | 2026-05-05 |
| CVE-2026-3330 | Form Maker by 10Web <= 1.15.40 - Authenticated (Administrator+) SQL Injection via 'ip_search' Parameter | Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | CWE-89 | 4.9 | Medium | 2026-04-17 |
| CVE-2026-4388 | Form Maker by 10Web <= 1.15.40 - Unauthenticated Stored Cross-Site Scripting via Matrix Field Text Box | Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | CWE-79 | 7.2 | High | 2026-04-14 |
| CVE-2026-32330 | WordPress Photo Gallery by 10Web plugin <= 1.8.37 - Cross Site Request Forgery (CSRF) vulnerability | Photo Gallery by 10Web | CWE-352 | 4.3 | Medium | 2026-03-13 |
| CVE-2026-27360 | WordPress Photo Gallery by 10Web plugin <= 1.8.38 - Cross Site Scripting (XSS) vulnerability | Photo Gallery by 10Web | CWE-79 | 5.9 | Medium | 2026-02-19 |
| CVE-2026-1058 | Form Maker by 10Web <= 1.15.35 - Unauthenticated Stored Cross-Site Scripting via Hidden Field | Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | CWE-79 | 7.1 | High | 2026-02-03 |
| CVE-2026-1065 | Form Maker by 10Web <= 1.15.35 - Unauthenticated Stored Cross-Site Scripting via SVG file | Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | CWE-434 | 7.2 | High | 2026-02-03 |
| CVE-2026-1036 | Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.36 - Missing Authorization to Unauthenticated Arbitrary Comment Deletion | Photo Gallery by 10Web – Mobile-Friendly Image Gallery | CWE-862 | 5.3 | Medium | 2026-01-21 |
| CVE-2025-13377 | 10Web Booster <= 2.32.7 - Authenticated (Subscriber+) Arbitrary Folder Deletion via two_clear_page_cache | 10Web Booster – Website speed optimization, Cache & Page Speed optimizer | CWE-22 | 9.6 | Critical | 2025-12-06 |
| CVE-2020-36853 | 10WebMapBuilder <= 1.0.63 - Unauthenticated Stored Cross-Site Scripting via Plugin Settings Change | 10Web Map Builder for Google Maps | CWE-79 | 7.2 | High | 2025-10-18 |
| CVE-2025-48341 | WordPress Form Maker by 10Web plugin <= 1.15.33 - Cross Site Scripting (XSS) Vulnerability | Form Maker by 10Web | CWE-79 | 5.9 | Medium | 2025-05-19 |
| CVE-2025-2269 | Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.34 Reflected Cross-Site Scripting via 'image_id' Parameter | Photo Gallery by 10Web – Mobile-Friendly Image Gallery | CWE-79 | 6.1 | Medium | 2025-04-11 |
| CVE-2023-45272 | WordPress 10Web Map Builder for Google Maps plugin <= 1.0.73 - Notice Dismissal Vulnerability | 10Web Map Builder for Google Maps | CWE-862 | 5.4 | Medium | 2025-01-02 |
| CVE-2023-47807 | WordPress 10WebAnalytics plugin <= 1.2.12 - Broken Access Control vulnerability | 10WebAnalytics | CWE-862 | 4.3 | Medium | 2025-01-02 |
| CVE-2024-10265 | Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.30 - Reflected Cross-Site Scripting via add_query_arg Parameter | Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | CWE-79 | 6.1 | Medium | 2024-11-10 |
| CVE-2024-9878 | Photo Gallery by 10Web <= 1.8.30 - Authenticated (Administrator+) Stored Cross-Site Scripting | Photo Gallery by 10Web – Mobile-Friendly Image Gallery | CWE-79 | 4.4 | Medium | 2024-11-05 |
| CVE-2024-9607 | 10Web Social Post Feed <= 1.2.9 - Reflected Cross-Site Scripting | 10Web Social Post Feed | CWE-79 | 6.1 | Medium | 2024-10-25 |
| CVE-2024-44043 | WordPress Photo Gallery by 10Web plugin <= 1.8.27 - Cross Site Scripting (XSS) vulnerability | Photo Gallery by 10Web | CWE-79 | 5.9 | Medium | 2024-10-06 |
| CVE-2024-8633 | Form Maker <= 1.15.27 - Authenticated (Administrator+) Stored Cross-Site Scripting | Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | CWE-79 | 5.5 | Medium | 2024-09-26 |
| CVE-2024-7150 | Slider by 10Web – Responsive Image Slider <= 1.2.57 - Authenticated (Contributor+) SQL Injection via id Parameter | Slider by 10Web – Responsive Image Slider | CWE-89 | 8.8 | High | 2024-08-08 |
| CVE-2024-5481 | Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.23 - Authenticated (Contributor+) Path Traversal via esc_dir Function | Photo Gallery by 10Web – Mobile-Friendly Image Gallery | CWE-35 | 6.8 | Medium | 2024-06-07 |
| CVE-2024-5426 | Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via Zipped SVG | Photo Gallery by 10Web – Mobile-Friendly Image Gallery | CWE-79 | 6.4 | Medium | 2024-06-07 |
| CVE-2024-2258 | Form Maker by 10Web <= 1.15.24 - Authenticated (Subscriber+) Stored Self-Based Cross-Site Scripting | Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | CWE-79 | 4.4 | Medium | 2024-04-27 |
| CVE-2024-32578 | WordPress Sliderby10Web plugin <= 1.2.54 - Cross Site Scripting (XSS) vulnerability | Slider by 10Web | CWE-79 | 7.1 | High | 2024-04-18 |
| CVE-2024-2112 | Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.22 - Sensitive Information Exposure | Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | CWE-287 | 5.9 | Medium | 2024-04-09 |
| CVE-2024-2296 | Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.21 - Authenticated (Admin+) Stored Cross-Site Scripting via SVG | Photo Gallery by 10Web – Mobile-Friendly Image Gallery | CWE-79 | 5.5 | Medium | 2024-04-06 |
| CVE-2024-31116 | WordPress 10Web Map Builder for Google Maps plugin <= 1.0.74 - SQL Injection vulnerability | 10Web Map Builder for Google Maps | CWE-89 | 7.6 | High | 2024-03-31 |
| CVE-2024-29833 | WordPress Photo Gallery Plugin <= 1.8.21 Stored Cross Site Scripting in UploadHandler | PhotoGallery | CWE-79 | 5.4 | Medium | 2024-03-26 |
| CVE-2024-29810 | WordPress Photo Gallery Plugin <= 1.8.21 Reflected Cross Site Scripting in editimage_bwg thumb_url | PhotoGallery | CWE-79 | 5.4 | Medium | 2024-03-26 |
| CVE-2024-29809 | WordPress Photo Gallery Plugin <= 1.8.21 Reflected Cross Site Scripting in editimage_bwg image_url | PhotoGallery | CWE-79 | 5.4 | Medium | 2024-03-26 |

This page lists every published CVE security advisory associated with 10web. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.