2 matches found
CVE-2020-36670 NEX-Forms <= 7.7.1 - Missing Authorization on Various AJAX Actions
The NEX-Forms. plugin for WordPress is vulnerable to unauthorized disclosure and modification of data in versions up to, and including 7.7.1 due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber level permissions and above to...
CVE-2020-36670
The CVE-2020-36670 entry concerns the NEX-Forms plugin for WordPress up to version 7.7.1. The vulnerability stems from missing capability checks on several AJAX actions, enabling authenticated attackers with subscriber-level permissions and above to perform unauthorized data disclosure and modifi...