Lucene search
K

81 matches found

CVE
CVE
added 2026/03/15 1:19 a.m.15 views

CVE-2026-1947

The CVE concerns the NEX-Forms – Ultimate Forms Plugin for WordPress (WordPress plugin, affected up to version 9.1.9). The vulnerability is an Insecure Direct Object Reference in submit_nex_form() caused by missing validation on a user-controlled key, allowing unauthenticated attackers to overwri...

7.5CVSS5.9AI score0.00269EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/15 1:19 a.m.1 views

CVE-2026-1947 NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.9 - Missing Authorization to Unauthenticated Arbitrary Form Entry Modification via nf_set_entry_update_id

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 9.1.9 via the submitnexform function due to missing validation on a user controlled key. This makes it possible for unauthenticated...

7.5CVSS5.9AI score0.00269EPSS
Exploits0References2
CVE
CVE
added 2026/03/14 3:24 a.m.24 views

CVE-2026-1948

Technical details beyond the Initial Description are not provided in the Connected documents. Monitor for updates.

4.3CVSS5.8AI score0.00212EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/02/09 7:37 a.m.10 views

WordPress NEX-Forms plugin <= 9.1.7 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Skalucy in WordPress Plugin NEX-Forms versions = 9.1.7...

7.1CVSS5.4AI score0.0018EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/01/31 1:23 a.m.9 views

EUVD-2025-206597

The NEX-Forms – Ultimate Forms Plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the NF5ExportForms class constructor in all versions up to, and including, 9.1.8. This makes it possible for unauthenticated attackers to export form configuration...

5.3CVSS5.9AI score0.00285EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/31 1:23 a.m.6 views

CVE-2025-15510

The NEX-Forms – Ultimate Forms Plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the NF5ExportForms class constructor in all versions up to, and including, 9.1.8. This makes it possible for unauthenticated attackers to export form configuration...

5.3CVSS5.9AI score0.00285EPSS
Exploits0References3
CVE
CVE
added 2026/01/31 1:23 a.m.23 views

CVE-2025-15510

CVE-2025-15510 affects NEX-Forms – Ultimate Forms Plugin for WordPress. The underlying issue is a missing capability check in the NF5_Export_Forms class constructor, allowing unauthenticated users to export form configurations by enumerating nex_forms_Id in all versions up to and including 9.1.8....

5.3CVSS5.9AI score0.00285EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/31 12:0 a.m.9 views

PT-2026-5500

The NEX-Forms – Ultimate Forms Plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the NF5 Export Forms class constructor in all versions up to, and including, 9.1.8. This makes it possible for unauthenticated attackers to export form...

5.3CVSS5.9AI score0.00285EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/31 12:0 a.m.8 views

WordPress plugin NEX-Forms – Ultimate Forms has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.8AI score0.00285EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/09 6:0 a.m.27 views

CVE-2025-14803 Nex-Forms Express WP Form Builder < 9.1.8 - Authenticated Stored XSS

The NEX-Forms WordPress plugin before 9.1.8 does not sanitise and escape some of its settings. The NEX-Forms WordPress plugin before 9.1.8 can be configured in such a way that could allow subscribers to perform Stored Cross-Site Scripting...

0.00235EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/09 6:0 a.m.4 views

CVE-2025-14803 Nex-Forms Express WP Form Builder < 9.1.8 - Authenticated Stored XSS

The NEX-Forms WordPress plugin before 9.1.8 does not sanitise and escape some of its settings. The NEX-Forms WordPress plugin before 9.1.8 can be configured in such a way that could allow subscribers to perform Stored Cross-Site Scripting...

5.8AI score0.00235EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/09 12:0 a.m.8 views

PT-2026-1755

Name of the Vulnerable Software and Affected Versions NEX-Forms WordPress plugin versions prior to 9.1.8 Description The NEX-Forms WordPress plugin does not properly sanitise and escape certain settings. This configuration can allow subscribers to execute Stored Cross-Site Scripting attacks...

6.8CVSS5.7AI score0.00235EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/10/12 8:23 a.m.11 views

CVE-2025-10185

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in the action nfloadformentries in all versions up to, and including, 9.1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient...

4.9CVSS6.4AI score0.00297EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/11 9:30 a.m.6 views

EUVD-2025-33815

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in the action nfloadformentries in all versions up to, and including, 9.1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient...

4.9CVSS5.9AI score0.00297EPSS
Exploits0References4
CVE
CVE
added 2025/10/11 7:25 a.m.21 views

CVE-2025-10185

CVE-2025-10185 affects NEX-Forms – Ultimate Forms Plugin for WordPress, where an SQL Injection is possible via the orderby parameter in the nf_load_form_entries action. Affected versions are up to 9.1.6. Exploitation requires Administrator+ privileges, but could be exposed to lower-privilege user...

4.9CVSS6AI score0.00297EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/10/11 7:25 a.m.10 views

CVE-2025-10185 NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.6 - Authenticated (Admin+) SQL Injection

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in the action nfloadformentries in all versions up to, and including, 9.1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient...

4.9CVSS0.00297EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/10/11 12:0 a.m.8 views

PT-2025-41642

Name of the Vulnerable Software and Affected Versions NEX-Forms – Ultimate Forms Plugin for WordPress versions through 9.1.6 Description The software is susceptible to SQL Injection through the orderby parameter within the nf load form entries action. Insufficient input sanitization and inadequat...

4.9CVSS7.2AI score0.00297EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-24112

Malware in sbrugna...

6.3CVSS6.5AI score0.00554EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-16903

Malicious code in bioql PyPI...

5.3CVSS6.6AI score0.00598EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-13997

Malicious code in bioql PyPI...

6.3CVSS7.1AI score0.00282EPSS
Exploits0References3
Rows per page
Query Builder