366 matches found
NEX-Forms < 7.9.7 - Authenticated SQLi
The plugin does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is permitted to view the forms statistics chart, by default administrators, however can be configured otherwise via the plugin setting...
WordPress NEX-Forms plugin cross-site scripting vulnerability
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers.NEX-Forms plugin is a WordPress open source application plugin.WordPress NEX-Forms plugin has a cross-site scripting...
CVE-2021-24705
The NEX-Forms WordPress plugin before 8.4.3 does not have CSRF checks in place when editing a form, and does not escape some of its settings as well as form fields before outputting them in attributes. This could allow attackers to make a logged in admin edit arbitrary forms with Cross-Site...
CVE-2021-24705
The NEX-Forms WordPress plugin before 8.4.3 does not have CSRF checks in place when editing a form, and does not escape some of its settings as well as form fields before outputting them in attributes. This could allow attackers to make a logged in admin edit arbitrary forms with Cross-Site...
Cross site scripting
The NEX-Forms WordPress plugin before 8.4.3 does not have CSRF checks in place when editing a form, and does not escape some of its settings as well as form fields before outputting them in attributes. This could allow attackers to make a logged in admin edit arbitrary forms with Cross-Site...
CVE-2021-24705
CVE-2021-24705 affects the NEX-Forms WordPress plugin prior to version 8.4.3. The issue is lack of CSRF protection when editing a form and insufficient escaping of certain settings and form fields before output in attributes, enabling a logged-in admin to edit forms with stored Cross-Site Scripti...
CVE-2021-24705 NEX-Forms < 8.4.3 - Stored Cross-Site Scripting via CSRF
The NEX-Forms WordPress plugin before 8.4.3 does not have CSRF checks in place when editing a form, and does not escape some of its settings as well as form fields before outputting them in attributes. This could allow attackers to make a logged in admin edit arbitrary forms with Cross-Site...
WordPress plugin NEX-Forms 跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers.NEX-Forms plugin is a WordPress open source application plugin.WordPress NEX-Forms plugin has a cross-site scripting...
PT-2021-16208 · WordPress · Nex-Forms
Name of the Vulnerable Software and Affected Versions: NEX-Forms WordPress plugin versions prior to 8.4.3 Description: The issue concerns the lack of CSRF checks when editing a form and the failure to escape some settings and form fields before outputting them in attributes. This could allow...
WordPress NEX-Forms – Ultimate Form Builder plugin <= 8.1 - Multiple Stored Cross-Site Scripting (XSS) vulnerabilities
Multiple Stored Cross-Site Scripting XSS vulnerabilities were discovered by Shivam Rai in WordPress NEX-Forms – Ultimate Form Builder plugin versions = 8.1. Solution Deactivate and delete. This plugin has been closed as of October 4, 2021 and is not available for download. This closure is...
NEX-Forms <= 7.9.4 - Multiple Admin+ Stored Cross-Site Scripting
The plugin does not escape some of its settings and form fields before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. In Global Setting Preferences Validation, put the following...
NEX Forms < 7.8.8 - Authentication Bypass for PDF Reports
The plugin was vulnerable to Authentication Bypass for PDF Reports allowing unauthenticated attackers to download PDF reports. PoC http://www.example.com/wp-content/uploads/submissionreport.pdf...
NEX Forms < 7.8.8 - Authentication Bypass for Excel Reports
The plugin was vulnerable to Authentication Bypass for Excel Reports allowing unauthenticated attackers to download Excel reports. http://www.example.com/wp-admin/admin.php?page=nex-forms-dashboard&exportcsv=true...
NEX Forms < 7.8.8 - Authentication Bypass for Excel Reports
The plugin was vulnerable to Authentication Bypass for Excel Reports allowing unauthenticated attackers to download Excel reports. PoC http://www.example.com/wp-admin/admin.php?page=nex-forms-dashboardcsv=true...
NEX Forms < 7.8.8 - Authentication Bypass for PDF Reports
The plugin was vulnerable to Authentication Bypass for PDF Reports allowing unauthenticated attackers to download PDF reports. http://www.example.com/wp-content/uploads/submissionreport.pdf...
WordPress Basix NEX-Forms Plugin Authentication Bypass Vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress plugin Basix NEX-Forms in version 7.8.7 and earlier has an authentication bypass vulnerabilit...
CVE-2021-34675
Basix NEX-Forms through 7.8.7 allows authentication bypass for stored PDF reports...
CVE-2021-34676
Basix NEX-Forms through 7.8.7 allows authentication bypass for Excel report generation...
CVE-2021-34676
Basix NEX-Forms through 7.8.7 allows authentication bypass for Excel report generation...
CVE-2021-34675
Basix NEX-Forms through 7.8.7 allows authentication bypass for stored PDF reports...