Lucene search
K

352 matches found

Vulnrichment
Vulnrichment
added 2026/03/15 1:19 a.m.1 views

CVE-2026-1947 NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.9 - Missing Authorization to Unauthenticated Arbitrary Form Entry Modification via nf_set_entry_update_id

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 9.1.9 via the submitnexform function due to missing validation on a user controlled key. This makes it possible for unauthenticated...

7.5CVSS5.9AI score0.00269EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/15 1:19 a.m.36 views

CVE-2026-1947 NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.9 - Missing Authorization to Unauthenticated Arbitrary Form Entry Modification via nf_set_entry_update_id

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 9.1.9 via the submitnexform function due to missing validation on a user controlled key. This makes it possible for unauthenticated...

7.5CVSS0.00269EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/15 1:19 a.m.3 views

CVE-2026-1947

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 9.1.9 via the submitnexform function due to missing validation on a user controlled key. This makes it possible for unauthenticated...

7.5CVSS5.9AI score0.00269EPSS
Exploits0References3
CVE
CVE
added 2026/03/15 1:19 a.m.15 views

CVE-2026-1947

The CVE concerns the NEX-Forms – Ultimate Forms Plugin for WordPress (WordPress plugin, affected up to version 9.1.9). The vulnerability is an Insecure Direct Object Reference in submit_nex_form() caused by missing validation on a user-controlled key, allowing unauthenticated attackers to overwri...

7.5CVSS5.9AI score0.00269EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/15 12:0 a.m.4 views

PT-2026-25529

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 9.1.9 via the submit nex form function due to missing validation on a user controlled key. This makes it possible for unauthenticated...

7.5CVSS5.9AI score0.00269EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/14 3:24 a.m.38 views

CVE-2026-1948 NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.9 - Missing Authorization to Authenticated (Subscriber+) License Deactivation via deactivate_license

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivatelicense function in all versions up to, and including, 9.1.9. This makes it possible for authenticated attackers, with...

4.3CVSS0.00212EPSS
Exploits0References2
CVE
CVE
added 2026/03/14 3:24 a.m.23 views

CVE-2026-1948

Technical details beyond the Initial Description are not provided in the Connected documents. Monitor for updates.

4.3CVSS5.8AI score0.00212EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/14 3:24 a.m.6 views

CVE-2026-1948 NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.9 - Missing Authorization to Authenticated (Subscriber+) License Deactivation via deactivate_license

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivatelicense function in all versions up to, and including, 9.1.9. This makes it possible for authenticated attackers, with...

4.3CVSS5.8AI score0.00212EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/14 12:0 a.m.7 views

PT-2026-25503

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivate license function in all versions up to, and including, 9.1.9. This makes it possible for authenticated attackers, with...

4.3CVSS5.8AI score0.00212EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/02/21 7:31 p.m.17 views

CVE-2025-69326

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Reflected XSS.This issue affects NEX-Forms: from n/a through = 9.1.7...

7.1CVSS5.5AI score0.0018EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/21 7:30 p.m.8 views

CVE-2025-69324

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Stored XSS.This issue affects NEX-Forms: from n/a through = 9.1.7...

7.1CVSS5.5AI score0.00244EPSS
Exploits0References1
NVD
NVD
added 2026/02/20 4:22 p.m.5 views

CVE-2025-69326

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Reflected XSS.This issue affects NEX-Forms: from n/a through = 9.1.7...

7.1CVSS0.0018EPSS
Exploits0References1
NVD
NVD
added 2026/02/20 4:22 p.m.8 views

CVE-2025-69324

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Stored XSS.This issue affects NEX-Forms: from n/a through = 9.1.7...

7.1CVSS0.00244EPSS
Exploits0References1
CVE
CVE
added 2026/02/20 3:46 p.m.14 views

CVE-2025-69324

CVE-2025-69324 describes a stored XSS vulnerability in Basix NEX-Forms (WordPress plugin: nex-forms-express-wp-form-builder) affecting versions up to and including 9.1.7. Root cause: improper input neutralization during web page generation leading to stored Cross-Site Scripting. Impact per source...

7.1CVSS5.5AI score0.00244EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/20 3:46 p.m.24 views

CVE-2025-69324 WordPress NEX-Forms plugin <= 9.1.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Stored XSS.This issue affects NEX-Forms: from n/a through = 9.1.7...

7.1CVSS0.00244EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/20 3:46 p.m.5 views

CVE-2025-69324 WordPress NEX-Forms plugin <= 9.1.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Stored XSS.This issue affects NEX-Forms: from n/a through = 9.1.7...

5.3AI score0.00244EPSS
Exploits0References1
CVE
CVE
added 2026/02/20 3:46 p.m.10 views

CVE-2025-69326

CVE-2025-69326 is a Reflected XSS in the Basix NEX-Forms nex-forms-express-wp-form-builder plugin for WordPress, with input not properly neutralized during web page generation. Affected: NEX-Forms versions up to and including 9.1.7. Impact per the CVSS vector shows Network attack, User Interactio...

7.1CVSS5.5AI score0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/20 3:46 p.m.22 views

CVE-2025-69326 WordPress NEX-Forms plugin <= 9.1.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Reflected XSS.This issue affects NEX-Forms: from n/a through = 9.1.7...

7.1CVSS0.0018EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/20 3:46 p.m.4 views

CVE-2025-69326 WordPress NEX-Forms plugin <= 9.1.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Reflected XSS.This issue affects NEX-Forms: from n/a through = 9.1.7...

7.1CVSS5.3AI score0.0018EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.7 views

WordPress plugin NEX-Forms 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.1CVSS5.6AI score0.00244EPSS
Exploits0References1
Rows per page
Query Builder