Lucene search
K

360 matches found

NVD
NVD
added yesterday4 views

CVE-2026-57668

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Stored XSS.This issue affects NEX-Forms: from n/a through = 9.2.2...

7.1CVSS0.00251EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday28 views

CVE-2026-57668 WordPress NEX-Forms plugin <= 9.2.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Stored XSS.This issue affects NEX-Forms: from n/a through = 9.2.2...

7.1CVSS0.00251EPSS
Exploits0References1
CVE
CVE
added yesterday12 views

CVE-2026-57668

CVE-2026-57668 concerns the WordPress plugin family NEX-Forms (Basix NEX-Forms nex-forms-express-wp-form-builder) with a Stored XSS vulnerability due to improper input neutralization during web page generation. Affected versions are NEX-Forms up to and including 9.2.2. The CVSS v3.1 base metrics ...

7.1CVSS6.1AI score0.00251EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-57736

Name of the Vulnerable Software and Affected Versions Basix NEX-Forms versions prior to 9.2.3 Description Improper neutralization of input during web page generation leads to a stored cross-site scripting XSS issue. This allows an attacker to inject malicious scripts that are stored on the server...

7.1CVSS6AI score0.00251EPSS
Exploits0References3
NVD
NVD
added 3 days ago7 views

CVE-2026-9017

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 9.2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

5.3CVSS0.00273EPSS
Exploits0References8
EUVD
EUVD
added 3 days ago9 views

EUVD-2026-43163

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 9.2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

5.3CVSS6.1AI score0.00273EPSS
Exploits0References8
Patchstack
Patchstack
added 4 days ago5 views

WordPress NEX-Forms plugin <= 9.2.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin NEX-Forms versions = 9.2.2...

7.1CVSS6.1AI score0.00251EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/07/06 9:45 a.m.10 views

WordPress NEX-Forms – Ultimate Forms Plugin for WordPress plugin <= 9.2.2 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Taichi Kashimura in WordPress Plugin NEX-Forms versions = 9.2.2...

7.2CVSS5.9AI score0.00304EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/07/03 4:30 a.m.24 views

CVE-2026-13040

The CVE covers the NEX-Forms – Ultimate Forms Plugin for WordPress (up to version 9.2.2). It exposes a Stored Cross-Site Scripting (XSS) flaw via the real_val__ parameter due to insufficient input sanitization and output escaping. The vulnerability is exploitable because the wp_ajax_nopriv_submit...

7.2CVSS5.9AI score0.00304EPSS
Exploits0References14
EUVD
EUVD
added 2026/07/03 4:30 a.m.8 views

EUVD-2026-41487

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'realval' parameter in all versions up to, and including, 9.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.2CVSS5.9AI score0.00304EPSS
Exploits0References14
Cvelist
Cvelist
added 2026/07/03 4:30 a.m.37 views

CVE-2026-13040 NEX-Forms <= 9.2.2 - Unauthenticated Stored Cross-Site Scripting via 'real_val__' Parameter

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'realval' parameter in all versions up to, and including, 9.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.2CVSS0.00304EPSS
Exploits0References14
ATTACKERKB
ATTACKERKB
added 2026/07/03 4:30 a.m.10 views

CVE-2026-13040

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'realval' parameter in all versions up to, and including, 9.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.2CVSS5.9AI score0.00304EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.15 views

PT-2026-55495

Name of the Vulnerable Software and Affected Versions NEX-Forms – Ultimate Forms Plugin for WordPress versions prior to 9.2.3 Description Insufficient input sanitization and output escaping allow unauthenticated attackers to perform Stored Cross-Site Scripting XSS, a technique where malicious...

7.2CVSS6.1AI score0.00304EPSS
Exploits0References19
NVD
NVD
added 2026/07/01 11:16 a.m.11 views

CVE-2026-12142

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'name' Array Parameter in all versions up to, and including, 9.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.2CVSS0.00304EPSS
Exploits0References14
ATTACKERKB
ATTACKERKB
added 2026/07/01 9:32 a.m.7 views

CVE-2026-12142

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'name' Array Parameter in all versions up to, and including, 9.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.2CVSS5.9AI score0.00304EPSS
Exploits0References15
CVE
CVE
added 2026/07/01 9:32 a.m.21 views

CVE-2026-12142

CVE-2026-12142 affects the NEX-Forms – Ultimate Forms Plugin for WordPress. The vulnerability is a Stored Cross-Site Scripting (XSS) via the internal parameter named '_name[]' , present in all versions up to and including 9.2.2 . Root cause: insufficient input sanitization and output escaping, co...

7.2CVSS5.9AI score0.00304EPSS
Exploits0References14
NVD
NVD
added 2026/06/27 6:16 a.m.10 views

CVE-2026-12404

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 9.2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

5.3CVSS0.00281EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/27 5:33 a.m.39 views

CVE-2026-12404 NEX-Forms <= 9.2.2 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via CSVExport Class

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 9.2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

5.3CVSS0.00281EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/27 5:33 a.m.7 views

CVE-2026-12404

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 9.2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

5.3CVSS5.8AI score0.00281EPSS
Exploits0References9
CVE
CVE
added 2026/06/27 5:33 a.m.22 views

CVE-2026-12404

The CVE concerns the NEX-Forms – Ultimate Forms Plugin for WordPress. All versions up to and including 9.2.2 are vulnerable to an authorization bypass due to improper verification of user permissions. This allows unauthenticated attackers to enumerate sequential report IDs and download complete f...

5.3CVSS5.8AI score0.00281EPSS
Exploits0References8
Rows per page
Query Builder