354 matches found
WordPress Basix NEX-Forms Plugin Authentication Bypass Vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress plugin Basix NEX-Forms in version 7.8.7 and earlier has an authentication bypass vulnerabilit...
NEX Forms < 7.8.8 - Authentication Bypass for Excel Reports
The plugin was vulnerable to Authentication Bypass for Excel Reports allowing unauthenticated attackers to download Excel reports. PoC http://www.example.com/wp-admin/admin.php?page=nex-forms-dashboardcsv=true...
NEX Forms < 7.8.8 - Authentication Bypass for PDF Reports
The plugin was vulnerable to Authentication Bypass for PDF Reports allowing unauthenticated attackers to download PDF reports. http://www.example.com/wp-content/uploads/submissionreport.pdf...
NEX Forms < 7.8.8 - Authentication Bypass for Excel Reports
The plugin was vulnerable to Authentication Bypass for Excel Reports allowing unauthenticated attackers to download Excel reports. http://www.example.com/wp-admin/admin.php?page=nex-forms-dashboard&exportcsv=true...
CVE-2021-34675
Basix NEX-Forms through 7.8.7 allows authentication bypass for stored PDF reports...
CVE-2021-34675
Basix NEX-Forms through 7.8.7 allows authentication bypass for stored PDF reports...
CVE-2021-34676
Basix NEX-Forms through 7.8.7 allows authentication bypass for Excel report generation...
CVE-2021-34676
Basix NEX-Forms through 7.8.7 allows authentication bypass for Excel report generation...
Authentication flaw
Basix NEX-Forms through 7.8.7 allows authentication bypass for Excel report generation...
Authentication flaw
Basix NEX-Forms through 7.8.7 allows authentication bypass for stored PDF reports...
CVE-2021-34675
Basix NEX-Forms through 7.8.7 allows authentication bypass for stored PDF reports...
CVE-2021-34675
CVE-2021-34675 affects the WordPress Basix NEX-Forms plugin up to version 7.8.7. The vulnerability is an authentication bypass that allows access to stored PDF reports without valid credentials. The issue is documented across multiple sources (NVD, Red Hat, CNVD, WPVulnDB) as an authentication by...
CVE-2021-34676
Basix NEX-Forms through 7.8.7 allows authentication bypass for Excel report generation...
CVE-2021-34676
Summary: CVE-2021-34676 affects Basix NEX-Forms (WordPress plugin) up to version 7.8.7. The underlying issue is an authentication bypass in the Excel report generation feature, enabling unauthenticated users to download Excel reports. The vulnerability is described consistently across multiple so...
WordPress 授权问题漏洞
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress plugin Basix NEX-Forms in version 7.8.7 and earlier has an authentication bypass vulnerabilit...
WordPress 授权问题漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An authorization issue vulnerability exists in the WordPress plugin Basix NEX-Forms 7.8.7 and earlie...
Sql injection
The nex-forms-express-wp-form-builder plugin before 4.6.1 for WordPress has SQL injection via the wp-admin/admin.php?page=nex-forms-main nexformsId parameter...
PT-2019-7411 · Nexforms · Nex-Forms-Express-Wp-Form-Builder
Name of the Vulnerable Software and Affected Versions: nex-forms-express-wp-form-builder plugin versions prior to 4.6.1 Description: The issue is related to SQL injection via the "wp-admin/admin.php?page=nex-forms-main" API endpoint, specifically through the nex forms Id parameter. This allows fo...
WordPress NEX-Forms Lite Plugin Cross-Site Scripting Vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language , the platform supports PHP and MySQL server set up a personal blog site . NEX-Forms Lite is one of the user-defined plugin to create forms . A cross-site scripting vulnerability exists in...
CVE-2014-7151
Multiple cross-site scripting XSS vulnerabilities in the NEX-Forms Lite plugin 2.1.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the formfields parameter in a 1 doedit or 2 doinsert action to wp-admin/admin-ajax.php...