Lucene search
K

354 matches found

Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.18 views

PT-2026-41277

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'table' parameter in all versions up to, and including, 9.1.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

4.9CVSS5.9AI score0.00355EPSS
Exploits0References12
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.11 views

WordPress plugin NEX-Forms – Ultimate Forms Plugin SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

4.9CVSS5.9AI score0.00355EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/14 6:51 p.m.12 views

WordPress NEX-Forms – Ultimate Forms Plugin for WordPress plugin <= 9.1.12 - Authenticated (Administrator+) SQL Injection vulnerability

Authenticated Administrator+ SQL Injection vulnerability discovered by Athul Jayaram - SecurityInfinity in WordPress Plugin NEX-Forms versions = 9.1.12...

4.9CVSS5.9AI score0.00355EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/06 10:37 a.m.11 views

WordPress NEX-Forms – Ultimate Forms Plugin for WordPress plugin <= 9.1.11 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Naoya Takahashi nakko in WordPress Plugin NEX-Forms versions = 9.1.11...

7.2CVSS5.8AI score0.00243EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.8 views

CVE-2026-5063

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via POST parameter key names in the submitnexform function in versions up to, and including, 9.1.11 due to insufficient input sanitization and output escaping. This makes it...

7.2CVSS6AI score0.00243EPSS
Exploits0References1
NVD
NVD
added 2026/05/03 6:15 a.m.30 views

CVE-2026-5063

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via POST parameter key names in the submitnexform function in versions up to, and including, 9.1.11 due to insufficient input sanitization and output escaping. This makes it...

7.2CVSS0.00243EPSS
Exploits0References2
CVE
CVE
added 2026/05/03 4:25 a.m.21 views

CVE-2026-5063

Affected software: NEX-Forms – Ultimate Forms Plugin for WordPress. Vulnerable component/function: submit_nex_form() in versions up to and including 9.1.11. Root cause: insufficient input sanitization and output escaping. Impact: unauthenticated stored Cross-Site Scripting via POST parameter key ...

7.2CVSS6AI score0.00243EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/03 4:25 a.m.8 views

CVE-2026-5063

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via POST parameter key names in the submitnexform function in versions up to, and including, 9.1.11 due to insufficient input sanitization and output escaping. This makes it...

7.2CVSS6AI score0.00243EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/03 4:25 a.m.5 views

CVE-2026-5063 NEX-Forms <= 9.1.11 - Unauthenticated Stored Cross-Site Scripting via POST Parameter Key Names

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via POST parameter key names in the submitnexform function in versions up to, and including, 9.1.11 due to insufficient input sanitization and output escaping. This makes it...

7.2CVSS6AI score0.00243EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/03 4:25 a.m.56 views

CVE-2026-5063 NEX-Forms <= 9.1.11 - Unauthenticated Stored Cross-Site Scripting via POST Parameter Key Names

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via POST parameter key names in the submitnexform function in versions up to, and including, 9.1.11 due to insufficient input sanitization and output escaping. This makes it...

7.2CVSS0.00243EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/03 4:25 a.m.23 views

EUVD-2026-26815

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via POST parameter key names in the submitnexform function in versions up to, and including, 9.1.11 due to insufficient input sanitization and output escaping. This makes it...

7.2CVSS6AI score0.00243EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/03 12:0 a.m.9 views

PT-2026-36681

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via POST parameter key names in the submit nex form function in versions up to, and including, 9.1.11 due to insufficient input sanitization and output escaping. This makes it...

7.2CVSS6AI score0.00243EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/03 12:0 a.m.9 views

WordPress plugin NEX-Forms 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.2CVSS5.8AI score0.00243EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:9 p.m.3 views

CVE-2026-1948

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivatelicense function in all versions up to, and including, 9.1.9. This makes it possible for authenticated attackers, with...

4.3CVSS5.8AI score0.00212EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:1 p.m.3 views

CVE-2026-1947

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 9.1.9 via the submitnexform function due to missing validation on a user controlled key. This makes it possible for unauthenticated...

7.5CVSS5.9AI score0.00269EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/03/17 6:35 a.m.6 views

WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin <= 9.1.9 - Missing Authorization to Unauthenticated Arbitrary Form Entry Modification via nf_set_entry_update_id vulnerability

WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin = 9.1.9 - Missing Authorization to Unauthenticated Arbitrary Form Entry Modification via nfsetentryupdateid vulnerability discovered by Youssef Elouaer in WordPress Plugin NEX-Forms versions = 9.1.9...

7.5CVSS5.8AI score0.00269EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/03/16 9:29 p.m.11 views

WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin <= 9.1.9 - Missing Authorization to Authenticated (Subscriber+) License Deactivation via deactivate_license vulnerability

WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin = 9.1.9 - Missing Authorization to Authenticated Subscriber+ License Deactivation via deactivatelicense vulnerability discovered by Legion Hunter in WordPress Plugin NEX-Forms versions = 9.1.9...

4.3CVSS5.8AI score0.00212EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/03/16 3:30 p.m.10 views

EUVD-2026-12182

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivatelicense function in all versions up to, and including, 9.1.9. This makes it possible for authenticated attackers, with...

4.3CVSS5.8AI score0.00212EPSS
Exploits0References3
NVD
NVD
added 2026/03/16 2:18 p.m.7 views

CVE-2026-1948

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivatelicense function in all versions up to, and including, 9.1.9. This makes it possible for authenticated attackers, with...

4.3CVSS0.00212EPSS
Exploits0References2
NVD
NVD
added 2026/03/16 2:18 p.m.3 views

CVE-2026-1947

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 9.1.9 via the submitnexform function due to missing validation on a user controlled key. This makes it possible for unauthenticated...

7.5CVSS0.00269EPSS
Exploits0References2
Rows per page
Query Builder