Lucene search
K

4 matches found

NVD
NVD
added 2023/07/17 2:15 p.m.37 views

CVE-2023-0439

The NEX-Forms WordPress plugin before 8.4.4 does not escape its form name, which could lead to Stored Cross-Site Scripting issues. By default only SuperAdmins in multisite / admins in single site can create forms, however there is a settings allowing them to give lower roles access to such featur...

5.4CVSS0.00367EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/07/17 1:29 p.m.35 views

CVE-2023-0439 NEX-Forms < 8.4.4 - Authenticated Stored XSS

The NEX-Forms WordPress plugin before 8.4.4 does not escape its form name, which could lead to Stored Cross-Site Scripting issues. By default only SuperAdmins in multisite / admins in single site can create forms, however there is a settings allowing them to give lower roles access to such featur...

5.5AI score0.00367EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/07/17 1:29 p.m.14 views

CVE-2023-0439 NEX-Forms < 8.4.4 - Authenticated Stored XSS

The NEX-Forms WordPress plugin before 8.4.4 does not escape its form name, which could lead to Stored Cross-Site Scripting issues. By default only SuperAdmins in multisite / admins in single site can create forms, however there is a settings allowing them to give lower roles access to such featur...

5.9AI score0.00367EPSS
Exploits1References1
WPVulnDB
WPVulnDB
added 2023/06/26 12:0 a.m.16 views

NEX-Forms < 8.4.4 - Authenticated Stored XSS

The plugin does not escape its form name, which could lead to Stored Cross-Site Scripting issues. By default only SuperAdmins in multisite / admins in single site can create forms, however there is a settings allowing them to give lower roles access to such feature. PoC Create a new form with the...

5.4CVSS5.4AI score0.00367EPSS
Exploits1Affected Software1
Rows per page
Query Builder