Lucene search
K

81 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-12351

Malicious code in bioql PyPI...

5.4CVSS6.5AI score0.00503EPSS
Exploits2References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-13997

Malicious code in bioql PyPI...

6.3CVSS7.1AI score0.00282EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-14001

Malicious code in bioql PyPI...

6.4CVSS7.2AI score0.00182EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/08/20 9:5 a.m.9 views

WordPress NEX-Forms Plugin <= 9.1.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin NEX-Forms versions = 9.1.3...

8.8CVSS6.6AI score0.00159EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2025/08/20 8:3 a.m.4 views

CVE-2025-49399 WordPress NEX-Forms Plugin <= 9.1.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in Basix NEX-Forms allows Cross Site Request Forgery. This issue affects NEX-Forms: from n/a through 9.1.3...

8.8CVSS7.2AI score0.00159EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:23 a.m.6 views

CVE-2024-1130

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the setread function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with...

5.3CVSS5.1AI score0.00598EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:19 a.m.10 views

CVE-2024-10862

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to SQL Injection via the 'searchparams' parameter in all versions up to, and including, 8.7.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...

4.9CVSS7.2AI score0.00578EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:41 a.m.11 views

CVE-2023-0439

The NEX-Forms WordPress plugin before 8.4.4 does not escape its form name, which could lead to Stored Cross-Site Scripting issues. By default only SuperAdmins in multisite / admins in single site can create forms, however there is a settings allowing them to give lower roles access to such featur...

5.4CVSS5.3AI score0.00367EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:54 a.m.9 views

CVE-2023-0272

The NEX-Forms WordPress plugin before 8.3.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.8AI score0.00503EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:19 a.m.12 views

CVE-2022-3142

The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is permitted to view the forms statistics chart, by default administrators, however can be configured...

8.8CVSS7AI score0.10375EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:23 p.m.12 views

CVE-2021-24705

The NEX-Forms WordPress plugin before 8.4.3 does not have CSRF checks in place when editing a form, and does not escape some of its settings as well as form fields before outputting them in attributes. This could allow attackers to make a logged in admin edit arbitrary forms with Cross-Site...

4.8CVSS6.3AI score0.00305EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:37 p.m.9 views

CVE-2020-36670

The NEX-Forms. plugin for WordPress is vulnerable to unauthorized disclosure and modification of data in versions up to, and including 7.7.1 due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber level permissions and above to...

6.3CVSS6.5AI score0.00554EPSS
Exploits0References1
NVD
NVD
added 2025/05/08 12:15 p.m.19 views

CVE-2025-4208

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Limited Code Execution in all versions up to, and including, 8.9.1 via the gettablerecords function. This is due to the unsanitized use of user-supplied input in calluserfunc. This makes it...

6.3CVSS0.00282EPSS
Exploits0References2
OSV
OSV
added 2025/05/08 12:15 p.m.11 views

CVE-2025-4208

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Limited Code Execution in all versions up to, and including, 8.9.1 via the gettablerecords function. This is due to the unsanitized use of user-supplied input in calluserfunc. This makes it...

6.3CVSS6.1AI score
Exploits0References2
OSV
OSV
added 2025/05/08 12:15 p.m.6 views

CVE-2025-3468

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the cleanhtml and formfields parameters in all versions up to, and including, 8.9.1 due to insufficient input sanitization and output escaping. This makes it...

5.4CVSS7.4AI score
Exploits0References2
CVE
CVE
added 2025/05/08 11:13 a.m.72 views

CVE-2025-3468

CVE-2025-3468 affects the WordPress plugin NEX-Forms – Ultimate Form Builder . It is a Stored Cross-Site Scripting flaw exploitable via the clean_html and form_fields parameters in all versions up to and including 8.9.1. The issue requires an authenticated attacker with Custom-level access and ca...

6.4CVSS5.7AI score0.00182EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/05/08 11:13 a.m.23 views

CVE-2025-3468 NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.9.1 - Authenticated (Custom) Stored Cross-Site Scripting

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the cleanhtml and formfields parameters in all versions up to, and including, 8.9.1 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS0.00182EPSS
Exploits0References2
CVE
CVE
added 2025/05/08 11:13 a.m.76 views

CVE-2025-4208

CVE-2025-4208 affects the WordPress plugin “NEX-Forms – Ultimate Forms Plugin for WordPress.” The issue is a Limited Code Execution vulnerability in versions up to 8.9.1 caused by unsanitized user input being passed to call_user_func() inside the get_table_records function. This allows an authent...

6.3CVSS6.6AI score0.00282EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/03/14 7:53 p.m.17 views

CVE-2024-13498

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 8.8.1 via file uploads due to insufficient directory listing prevention and lack of randomization of file names. This make...

5.3CVSS6.7AI score0.00357EPSS
Exploits0References1
NVD
NVD
added 2025/03/12 6:15 a.m.8 views

CVE-2024-13498

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 8.8.1 via file uploads due to insufficient directory listing prevention and lack of randomization of file names. This make...

5.3CVSS0.00357EPSS
Exploits0References2
Rows per page
Query Builder