4 matches found
CVE-2023-0439
The NEX-Forms WordPress plugin before 8.4.4 does not escape its form name, which could lead to Stored Cross-Site Scripting issues. By default only SuperAdmins in multisite / admins in single site can create forms, however there is a settings allowing them to give lower roles access to such featur...
CVE-2023-0439 NEX-Forms < 8.4.4 - Authenticated Stored XSS
The NEX-Forms WordPress plugin before 8.4.4 does not escape its form name, which could lead to Stored Cross-Site Scripting issues. By default only SuperAdmins in multisite / admins in single site can create forms, however there is a settings allowing them to give lower roles access to such featur...
CVE-2023-0439 NEX-Forms < 8.4.4 - Authenticated Stored XSS
The NEX-Forms WordPress plugin before 8.4.4 does not escape its form name, which could lead to Stored Cross-Site Scripting issues. By default only SuperAdmins in multisite / admins in single site can create forms, however there is a settings allowing them to give lower roles access to such featur...
CVE-2023-0439
CVE-2023-0439 affects the NEX-Forms WordPress plugin (versions prior to 8.4.4). The root cause is improper escaping of the form name, enabling a Stored XSS vulnerability. By default, only SuperAdmins/admins can create forms, but a setting can grant lower roles this ability, potentially broadening...