2 matches found
CVE-2026-13040
The CVE covers the NEX-Forms – Ultimate Forms Plugin for WordPress (up to version 9.2.2). It exposes a Stored Cross-Site Scripting (XSS) flaw via the real_val__ parameter due to insufficient input sanitization and output escaping. The vulnerability is exploitable because the wp_ajax_nopriv_submit...
EUVD-2026-41487
The NEX-Forms – Ultimate Forms Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'realval' parameter in all versions up to, and including, 9.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...