CVE ID :CVE-2026-4388 Published : April 14, 2026, 3:16 a.m. | 39 minutes ago Description :The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Matrix field (Text Box input type) in form submissions in all versions up to, and including, 1.15.40. This is due to insufficient input sanitization (`sanitize_text_field` strips tags but not quotes) and missing output escaping when rendering submission data in the admin Submissions view. This makes it possible for unauthenticated attackers to inject arbitrary JavaScript through a form submission that executes in the browser of an administrator who views the submission details. Severity: 7.2 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...