Lucene search
K

4 matches found

OSV
OSV
added 2023/07/17 2:15 p.m.4 views

CVE-2023-0439

The NEX-Forms WordPress plugin before 8.4.4 does not escape its form name, which could lead to Stored Cross-Site Scripting issues. By default only SuperAdmins in multisite / admins in single site can create forms, however there is a settings allowing them to give lower roles access to such featur...

5.4CVSS5.8AI score0.00317EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/07/17 1:29 p.m.34 views

CVE-2023-0439 NEX-Forms < 8.4.4 - Authenticated Stored XSS

The NEX-Forms WordPress plugin before 8.4.4 does not escape its form name, which could lead to Stored Cross-Site Scripting issues. By default only SuperAdmins in multisite / admins in single site can create forms, however there is a settings allowing them to give lower roles access to such featur...

5.5AI score0.00317EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/07/17 1:29 p.m.14 views

CVE-2023-0439 NEX-Forms < 8.4.4 - Authenticated Stored XSS

The NEX-Forms WordPress plugin before 8.4.4 does not escape its form name, which could lead to Stored Cross-Site Scripting issues. By default only SuperAdmins in multisite / admins in single site can create forms, however there is a settings allowing them to give lower roles access to such featur...

5.9AI score0.00317EPSS
Exploits1References1
CVE
CVE
added 2023/07/17 1:29 p.m.58 views

CVE-2023-0439

CVE-2023-0439 affects the NEX-Forms WordPress plugin (versions prior to 8.4.4). The root cause is improper escaping of the form name, enabling a Stored XSS vulnerability. By default, only SuperAdmins/admins can create forms, but a setting can grant lower roles this ability, potentially broadening...

5.4CVSS5.4AI score0.00317EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder