2 matches found
WordPress NEX-Forms plugin <= 8.9.1 - Authenticated (Custom) Limited Code Execution via get_table_records Function vulnerability
Authenticated Custom Limited Code Execution via gettablerecords Function vulnerability discovered by m3ssap0 in WordPress Plugin NEX-Forms versions = 8.9.1...
CVE-2025-4208
CVE-2025-4208 affects the WordPress plugin “NEX-Forms – Ultimate Forms Plugin for WordPress.” The issue is a Limited Code Execution vulnerability in versions up to 8.9.1 caused by unsanitized user input being passed to call_user_func() inside the get_table_records function. This allows an authent...