352 matches found
CVE-2026-1947 NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.9 - Missing Authorization to Unauthenticated Arbitrary Form Entry Modification via nf_set_entry_update_id
The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 9.1.9 via the submitnexform function due to missing validation on a user controlled key. This makes it possible for unauthenticated...
CVE-2026-1947 NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.9 - Missing Authorization to Unauthenticated Arbitrary Form Entry Modification via nf_set_entry_update_id
The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 9.1.9 via the submitnexform function due to missing validation on a user controlled key. This makes it possible for unauthenticated...
CVE-2026-1947
The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 9.1.9 via the submitnexform function due to missing validation on a user controlled key. This makes it possible for unauthenticated...
CVE-2026-1947
The CVE concerns the NEX-Forms – Ultimate Forms Plugin for WordPress (WordPress plugin, affected up to version 9.1.9). The vulnerability is an Insecure Direct Object Reference in submit_nex_form() caused by missing validation on a user-controlled key, allowing unauthenticated attackers to overwri...
PT-2026-25529
The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 9.1.9 via the submit nex form function due to missing validation on a user controlled key. This makes it possible for unauthenticated...
CVE-2026-1948 NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.9 - Missing Authorization to Authenticated (Subscriber+) License Deactivation via deactivate_license
The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivatelicense function in all versions up to, and including, 9.1.9. This makes it possible for authenticated attackers, with...
CVE-2026-1948
Technical details beyond the Initial Description are not provided in the Connected documents. Monitor for updates.
CVE-2026-1948 NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.9 - Missing Authorization to Authenticated (Subscriber+) License Deactivation via deactivate_license
The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivatelicense function in all versions up to, and including, 9.1.9. This makes it possible for authenticated attackers, with...
PT-2026-25503
The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivate license function in all versions up to, and including, 9.1.9. This makes it possible for authenticated attackers, with...
CVE-2025-69326
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Reflected XSS.This issue affects NEX-Forms: from n/a through = 9.1.7...
CVE-2025-69324
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Stored XSS.This issue affects NEX-Forms: from n/a through = 9.1.7...
CVE-2025-69326
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Reflected XSS.This issue affects NEX-Forms: from n/a through = 9.1.7...
CVE-2025-69324
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Stored XSS.This issue affects NEX-Forms: from n/a through = 9.1.7...
CVE-2025-69324
CVE-2025-69324 describes a stored XSS vulnerability in Basix NEX-Forms (WordPress plugin: nex-forms-express-wp-form-builder) affecting versions up to and including 9.1.7. Root cause: improper input neutralization during web page generation leading to stored Cross-Site Scripting. Impact per source...
CVE-2025-69324 WordPress NEX-Forms plugin <= 9.1.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Stored XSS.This issue affects NEX-Forms: from n/a through = 9.1.7...
CVE-2025-69324 WordPress NEX-Forms plugin <= 9.1.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Stored XSS.This issue affects NEX-Forms: from n/a through = 9.1.7...
CVE-2025-69326
CVE-2025-69326 is a Reflected XSS in the Basix NEX-Forms nex-forms-express-wp-form-builder plugin for WordPress, with input not properly neutralized during web page generation. Affected: NEX-Forms versions up to and including 9.1.7. Impact per the CVSS vector shows Network attack, User Interactio...
CVE-2025-69326 WordPress NEX-Forms plugin <= 9.1.7 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Reflected XSS.This issue affects NEX-Forms: from n/a through = 9.1.7...
CVE-2025-69326 WordPress NEX-Forms plugin <= 9.1.7 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Reflected XSS.This issue affects NEX-Forms: from n/a through = 9.1.7...
WordPress plugin NEX-Forms 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...