Lucene search
K

354 matches found

CNVD
CNVD
added 2021/07/20 12:0 a.m.17 views

WordPress Basix NEX-Forms Plugin Authentication Bypass Vulnerability

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress plugin Basix NEX-Forms in version 7.8.7 and earlier has an authentication bypass vulnerabilit...

7.5CVSS2.1AI score0.01822EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2021/07/20 12:0 a.m.16 views

NEX Forms < 7.8.8 - Authentication Bypass for Excel Reports

The plugin was vulnerable to Authentication Bypass for Excel Reports allowing unauthenticated attackers to download Excel reports. PoC http://www.example.com/wp-admin/admin.php?page=nex-forms-dashboardcsv=true...

5CVSS2.3AI score0.01822EPSS
Exploits2References3Affected Software1
wpexploit
wpexploit
added 2021/07/20 12:0 a.m.155 views

NEX Forms < 7.8.8 - Authentication Bypass for PDF Reports

The plugin was vulnerable to Authentication Bypass for PDF Reports allowing unauthenticated attackers to download PDF reports. http://www.example.com/wp-content/uploads/submissionreport.pdf...

5CVSS4AI score0.01822EPSS
Exploits2References3
wpexploit
wpexploit
added 2021/07/20 12:0 a.m.155 views

NEX Forms < 7.8.8 - Authentication Bypass for Excel Reports

The plugin was vulnerable to Authentication Bypass for Excel Reports allowing unauthenticated attackers to download Excel reports. http://www.example.com/wp-admin/admin.php?page=nex-forms-dashboard&exportcsv=true...

5CVSS4AI score0.01822EPSS
Exploits2References3
OSV
OSV
added 2021/07/19 5:15 p.m.6 views

CVE-2021-34675

Basix NEX-Forms through 7.8.7 allows authentication bypass for stored PDF reports...

7.5CVSS5.8AI score0.01822EPSS
Exploits2References2
NVD
NVD
added 2021/07/19 5:15 p.m.14 views

CVE-2021-34675

Basix NEX-Forms through 7.8.7 allows authentication bypass for stored PDF reports...

7.5CVSS0.01822EPSS
Exploits2References2
NVD
NVD
added 2021/07/19 5:15 p.m.16 views

CVE-2021-34676

Basix NEX-Forms through 7.8.7 allows authentication bypass for Excel report generation...

7.5CVSS0.01822EPSS
Exploits2References2
OSV
OSV
added 2021/07/19 5:15 p.m.6 views

CVE-2021-34676

Basix NEX-Forms through 7.8.7 allows authentication bypass for Excel report generation...

7.5CVSS5.8AI score0.01822EPSS
Exploits2References2
Prion
Prion
added 2021/07/19 5:15 p.m.18 views

Authentication flaw

Basix NEX-Forms through 7.8.7 allows authentication bypass for Excel report generation...

5CVSS7.8AI score0.01822EPSS
Exploits2References2Affected Software1
Prion
Prion
added 2021/07/19 5:15 p.m.22 views

Authentication flaw

Basix NEX-Forms through 7.8.7 allows authentication bypass for stored PDF reports...

5CVSS7.7AI score0.01822EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2021/07/19 4:45 p.m.25 views

CVE-2021-34675

Basix NEX-Forms through 7.8.7 allows authentication bypass for stored PDF reports...

7.9AI score0.01822EPSS
Exploits2References2
CVE
CVE
added 2021/07/19 4:45 p.m.61 views

CVE-2021-34675

CVE-2021-34675 affects the WordPress Basix NEX-Forms plugin up to version 7.8.7. The vulnerability is an authentication bypass that allows access to stored PDF reports without valid credentials. The issue is documented across multiple sources (NVD, Red Hat, CNVD, WPVulnDB) as an authentication by...

7.5CVSS7.7AI score0.01822EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2021/07/19 4:40 p.m.20 views

CVE-2021-34676

Basix NEX-Forms through 7.8.7 allows authentication bypass for Excel report generation...

8AI score0.01822EPSS
Exploits2References2
CVE
CVE
added 2021/07/19 4:40 p.m.78 views

CVE-2021-34676

Summary: CVE-2021-34676 affects Basix NEX-Forms (WordPress plugin) up to version 7.8.7. The underlying issue is an authentication bypass in the Excel report generation feature, enabling unauthenticated users to download Excel reports. The vulnerability is described consistently across multiple so...

7.5CVSS7.8AI score0.01822EPSS
Exploits2References2Affected Software1
CNNVD
CNNVD
added 2021/07/19 12:0 a.m.6 views

WordPress 授权问题漏洞

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress plugin Basix NEX-Forms in version 7.8.7 and earlier has an authentication bypass vulnerabilit...

7.5CVSS5.7AI score0.01822EPSS
Exploits2References3
CNNVD
CNNVD
added 2021/07/19 12:0 a.m.7 views

WordPress 授权问题漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An authorization issue vulnerability exists in the WordPress plugin Basix NEX-Forms 7.8.7 and earlie...

7.5CVSS7.3AI score0.01822EPSS
Exploits2References3
Prion
Prion
added 2019/10/07 3:15 p.m.14 views

Sql injection

The nex-forms-express-wp-form-builder plugin before 4.6.1 for WordPress has SQL injection via the wp-admin/admin.php?page=nex-forms-main nexformsId parameter...

7.5CVSS8.4AI score0.0237EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2019/10/07 12:0 a.m.6 views

PT-2019-7411 · Nexforms · Nex-Forms-Express-Wp-Form-Builder

Name of the Vulnerable Software and Affected Versions: nex-forms-express-wp-form-builder plugin versions prior to 4.6.1 Description: The issue is related to SQL injection via the "wp-admin/admin.php?page=nex-forms-main" API endpoint, specifically through the nex forms Id parameter. This allows fo...

9.8CVSS7.8AI score0.0237EPSS
Exploits1References7
CNVD
CNVD
added 2016/01/12 12:0 a.m.5 views

WordPress NEX-Forms Lite Plugin Cross-Site Scripting Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language , the platform supports PHP and MySQL server set up a personal blog site . NEX-Forms Lite is one of the user-defined plugin to create forms . A cross-site scripting vulnerability exists in...

6.1CVSS6AI score0.01155EPSS
Exploits1References1
NVD
NVD
added 2016/01/08 9:59 p.m.17 views

CVE-2014-7151

Multiple cross-site scripting XSS vulnerabilities in the NEX-Forms Lite plugin 2.1.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the formfields parameter in a 1 doedit or 2 doinsert action to wp-admin/admin-ajax.php...

6.1CVSS6.2AI score0.01155EPSS
Exploits1References2
Rows per page
Query Builder