A vulnerability, which was classified as problematic , was found in 10web Form Maker Plugin up to 1.15.40 on WordPress. This affects the function sanitize_text_field . The manipulation of the argument Matrix results in cross site scripting. This vulnerability is reported as CVE-2026-4388 . The attack can be launched remotely. No exploit exists. You should upgrade the affected component.