CVE-2025-69326

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Reflected XSS.This issue affects NEX-Forms: from n/a through = 9.1.7...

WordPress Nex-Forms Express WP Form Builder plugin < 9.1.8 - Authenticated Stored XSS vulnerability

Authenticated Stored XSS vulnerability discovered by Vuln Seeker Cyber Security Team in WordPress Plugin NEX-Forms versions 9.1.8...

CVE-2025-14803

CVE-2025-14803 concerns the Nex-Forms WordPress plugin, affected up to version 9.1.8. The issue arises from inadequate sanitization/escaping of certain settings, enabling stored XSS when configured in a specific way. Public Red Hat and CIRCL entries corroborate the same description. Red Hat notes...

EUVD-2015-9292

Malware in sbrugna...

CVE-2015-9452

The nex-forms-express-wp-form-builder plugin before 4.6.1 for WordPress has SQL injection via the wp-admin/admin.php?page=nex-forms-main nexformsId parameter...

Sql injection

The nex-forms-express-wp-form-builder plugin before 4.6.1 for WordPress has SQL injection via the wp-admin/admin.php?page=nex-forms-main nexformsId parameter...

PT-2019-7411 · Nexforms · Nex-Forms-Express-Wp-Form-Builder

Name of the Vulnerable Software and Affected Versions: nex-forms-express-wp-form-builder plugin versions prior to 4.6.1 Description: The issue is related to SQL injection via the "wp-admin/admin.php?page=nex-forms-main" API endpoint, specifically through the nex forms Id parameter. This allows fo...