Lucene search
+L

366 matches found

wpexploit
wpexploit
added 2022/08/01 12:0 a.m.155 views

NEX-Forms < 7.9.7 - Authenticated SQLi

The plugin does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is permitted to view the forms statistics chart, by default administrators, however can be configured otherwise via the plugin setting...

8.8CVSS3.1AI score0.10375EPSS
Exploits5References2
CNVD
CNVD
added 2021/12/18 12:0 a.m.41 views

WordPress NEX-Forms plugin cross-site scripting vulnerability

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers.NEX-Forms plugin is a WordPress open source application plugin.WordPress NEX-Forms plugin has a cross-site scripting...

4.8CVSS1AI score0.00305EPSS
Exploits2References1
OSV
OSV
added 2021/12/13 11:15 a.m.8 views

CVE-2021-24705

The NEX-Forms WordPress plugin before 8.4.3 does not have CSRF checks in place when editing a form, and does not escape some of its settings as well as form fields before outputting them in attributes. This could allow attackers to make a logged in admin edit arbitrary forms with Cross-Site...

4.8CVSS5.9AI score0.00305EPSS
Exploits2References1
NVD
NVD
added 2021/12/13 11:15 a.m.26 views

CVE-2021-24705

The NEX-Forms WordPress plugin before 8.4.3 does not have CSRF checks in place when editing a form, and does not escape some of its settings as well as form fields before outputting them in attributes. This could allow attackers to make a logged in admin edit arbitrary forms with Cross-Site...

4.8CVSS0.00305EPSS
Exploits2References1
Prion
Prion
added 2021/12/13 11:15 a.m.22 views

Cross site scripting

The NEX-Forms WordPress plugin before 8.4.3 does not have CSRF checks in place when editing a form, and does not escape some of its settings as well as form fields before outputting them in attributes. This could allow attackers to make a logged in admin edit arbitrary forms with Cross-Site...

3.5CVSS5AI score0.00305EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2021/12/13 10:40 a.m.62 views

CVE-2021-24705

CVE-2021-24705 affects the NEX-Forms WordPress plugin prior to version 8.4.3. The issue is lack of CSRF protection when editing a form and insufficient escaping of certain settings and form fields before output in attributes, enabling a logged-in admin to edit forms with stored Cross-Site Scripti...

4.8CVSS4.9AI score0.00305EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2021/12/13 10:40 a.m.25 views

CVE-2021-24705 NEX-Forms < 8.4.3 - Stored Cross-Site Scripting via CSRF

The NEX-Forms WordPress plugin before 8.4.3 does not have CSRF checks in place when editing a form, and does not escape some of its settings as well as form fields before outputting them in attributes. This could allow attackers to make a logged in admin edit arbitrary forms with Cross-Site...

5.3AI score0.00305EPSS
Exploits2References1
CNNVD
CNNVD
added 2021/12/13 12:0 a.m.7 views

WordPress plugin NEX-Forms 跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers.NEX-Forms plugin is a WordPress open source application plugin.WordPress NEX-Forms plugin has a cross-site scripting...

4.8CVSS5.6AI score0.00305EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2021/12/13 12:0 a.m.9 views

PT-2021-16208 · WordPress · Nex-Forms

Name of the Vulnerable Software and Affected Versions: NEX-Forms WordPress plugin versions prior to 8.4.3 Description: The issue concerns the lack of CSRF checks when editing a form and the failure to escape some settings and form fields before outputting them in attributes. This could allow...

4.8CVSS4.8AI score0.00305EPSS
Exploits2References4
Patchstack
Patchstack
added 2021/11/15 12:0 a.m.45 views

WordPress NEX-Forms – Ultimate Form Builder plugin <= 8.1 - Multiple Stored Cross-Site Scripting (XSS) vulnerabilities

Multiple Stored Cross-Site Scripting XSS vulnerabilities were discovered by Shivam Rai in WordPress NEX-Forms – Ultimate Form Builder plugin versions = 8.1. Solution Deactivate and delete. This plugin has been closed as of October 4, 2021 and is not available for download. This closure is...

4.8CVSS2AI score0.00305EPSS
Exploits2References3Affected Software1
wpexploit
wpexploit
added 2021/11/15 12:0 a.m.156 views

NEX-Forms <= 7.9.4 - Multiple Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings and form fields before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. In Global Setting Preferences Validation, put the following...

4.8CVSS5AI score0.00305EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2021/07/20 12:0 a.m.14 views

NEX Forms < 7.8.8 - Authentication Bypass for PDF Reports

The plugin was vulnerable to Authentication Bypass for PDF Reports allowing unauthenticated attackers to download PDF reports. PoC http://www.example.com/wp-content/uploads/submissionreport.pdf...

5CVSS2.4AI score0.01822EPSS
Exploits2References3Affected Software1
wpexploit
wpexploit
added 2021/07/20 12:0 a.m.156 views

NEX Forms < 7.8.8 - Authentication Bypass for Excel Reports

The plugin was vulnerable to Authentication Bypass for Excel Reports allowing unauthenticated attackers to download Excel reports. http://www.example.com/wp-admin/admin.php?page=nex-forms-dashboard&exportcsv=true...

5CVSS4AI score0.01822EPSS
Exploits2References3
WPVulnDB
WPVulnDB
added 2021/07/20 12:0 a.m.17 views

NEX Forms < 7.8.8 - Authentication Bypass for Excel Reports

The plugin was vulnerable to Authentication Bypass for Excel Reports allowing unauthenticated attackers to download Excel reports. PoC http://www.example.com/wp-admin/admin.php?page=nex-forms-dashboardcsv=true...

5CVSS2.3AI score0.01822EPSS
Exploits2References3Affected Software1
wpexploit
wpexploit
added 2021/07/20 12:0 a.m.157 views

NEX Forms < 7.8.8 - Authentication Bypass for PDF Reports

The plugin was vulnerable to Authentication Bypass for PDF Reports allowing unauthenticated attackers to download PDF reports. http://www.example.com/wp-content/uploads/submissionreport.pdf...

5CVSS4AI score0.01822EPSS
Exploits2References3
CNVD
CNVD
added 2021/07/20 12:0 a.m.18 views

WordPress Basix NEX-Forms Plugin Authentication Bypass Vulnerability

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress plugin Basix NEX-Forms in version 7.8.7 and earlier has an authentication bypass vulnerabilit...

7.5CVSS2.1AI score0.01822EPSS
Exploits2References1
NVD
NVD
added 2021/07/19 5:15 p.m.14 views

CVE-2021-34675

Basix NEX-Forms through 7.8.7 allows authentication bypass for stored PDF reports...

7.5CVSS0.01822EPSS
Exploits2References2
OSV
OSV
added 2021/07/19 5:15 p.m.7 views

CVE-2021-34676

Basix NEX-Forms through 7.8.7 allows authentication bypass for Excel report generation...

7.5CVSS5.8AI score0.01822EPSS
Exploits2References2
NVD
NVD
added 2021/07/19 5:15 p.m.18 views

CVE-2021-34676

Basix NEX-Forms through 7.8.7 allows authentication bypass for Excel report generation...

7.5CVSS0.01822EPSS
Exploits2References2
OSV
OSV
added 2021/07/19 5:15 p.m.8 views

CVE-2021-34675

Basix NEX-Forms through 7.8.7 allows authentication bypass for stored PDF reports...

7.5CVSS5.8AI score0.01822EPSS
Exploits2References2
Rows per page
Query Builder