CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

55 matches found

NVD•added 2026/05/23 7:16 p.m.•8 views

CVE-2018-25352

WordPress Ultimate Form Builder Lite plugin version 1.3.7 and below contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the entryid POST parameter. Attackers can send POST requests to the admin-ajax.php endpoint...

7.1CVSS0.00027EPSS

Exploits0References3

ATTACKERKB•added 2026/05/23 6:30 p.m.•7 views

CVE-2018-25352

7.1CVSS5.9AI score0.00027EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2017-7336

Malware in sbrugna...

9.8CVSS9.4AI score0.01674EPSS

Exploits0References5

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2024-52140

Malicious code in bioql PyPI...

8.5CVSS8.7AI score0.00169EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 7:42 a.m.•7 views

CVE-2024-37512

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Basix NEX-Forms – Ultimate Form Builder allows Stored XSS.This issue affects NEX-Forms – Ultimate Form Builder: from n/a through 8.5.10...

6.5CVSS6.8AI score0.00257EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 5:24 a.m.•2 views

CVE-2023-52120

Cross-Site Request Forgery CSRF vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more.This issue affects NEX-Forms – Ultimate Form Builder – Contact forms and much more: from n/a through 8.5.2...

8.8CVSS8.5AI score0.00043EPSS

Exploits0References1

RedhatCVE•added 2025/02/05 8:35 a.m.•7 views

CVE-2024-47389

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Reflected XSS.This issue affects NEX-Forms: from n/a through = 8.7.3...

7.1CVSS5.9AI score0.0034EPSS

Exploits0References1

OSV•added 2024/12/06 2:15 p.m.•2 views

CVE-2024-53808

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Basix NEX-Forms – Ultimate Form Builder allows SQL Injection.This issue affects NEX-Forms – Ultimate Form Builder: from n/a through 8.7.8...

7.2CVSS7.3AI score0.00169EPSS

Exploits0References1

CVE•added 2024/12/06 1:6 p.m.•55 views

CVE-2024-53808

CVE-2024-53808 : SQL Injection in WordPress plugin “NEX-Forms – Ultimate Form Builder” (Basix NEX-Forms) ≤ 8.7.8. Root cause: improper neutralization of input in SQL commands. Affected products/versions: NEX-Forms – Ultimate Form Builder up to 8.7.8. Exploitation status in provided docs: not indi...

8.5CVSS7.3AI score0.00169EPSS

Exploits0References1Affected Software1

OSV•added 2024/10/05 3:15 p.m.•1 views

CVE-2024-47389

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Basix NEX-Forms – Ultimate Form Builder allows Reflected XSS.This issue affects NEX-Forms – Ultimate Form Builder: from n/a through 8.7.3...

6.1CVSS5.8AI score0.0034EPSS

Exploits0References1

NVD•added 2024/10/05 3:15 p.m.•14 views

CVE-2024-47389

7.1CVSS0.0034EPSS

Exploits0References1

Vulnrichment•added 2024/10/05 2:47 p.m.•12 views

CVE-2024-47389 WordPress NEX-Forms plugin <= 8.7.3 - Reflected Cross Site Scripting (XSS) vulnerability

7.1CVSS7AI score0.0034EPSS

Exploits0References1

Cvelist•added 2024/10/05 2:47 p.m.•21 views

CVE-2024-47389 WordPress NEX-Forms plugin <= 8.7.3 - Reflected Cross Site Scripting (XSS) vulnerability

7.1CVSS0.0034EPSS

Exploits0References1

CNNVD•added 2024/10/05 12:0 a.m.•2 views

WordPress plugin NEX-Forms – Ultimate Form Builder 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

7.1CVSS6.2AI score0.0034EPSS

Exploits0References2

Patchstack•added 2024/09/30 12:0 a.m.•10 views

WordPress NEX-Forms – Ultimate Form Builder Plugin <= 8.7.3 is vulnerable to Cross Site Scripting (XSS)

Software NEX-Forms – Ultimate Form Builder Type Plugin Vulnerable versions = 8.7.3 Fixed in 8.7.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47389 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6ed1c15130e3 Credits Le Ngoc Anh...

7.1CVSS6.5AI score0.0034EPSS

Exploits0References2Affected Software1

NVD•added 2024/07/21 8:15 a.m.•26 views

CVE-2024-37512

6.5CVSS0.00257EPSS

Exploits0References1

OSV•added 2024/07/21 8:15 a.m.•3 views

CVE-2024-37512

5.4CVSS5.8AI score0.00257EPSS

Exploits0References1

CVE•added 2024/07/21 7:17 a.m.•44 views

CVE-2024-37512

CVE-2024-37512 is a Stored XSS in Basix NEX-Forms – Ultimate Form Builder (WordPress plugin) affecting versions up to 8.5.10. The vulnerability stems from improper neutralization of input during web page generation. Public advisories from NVD/Red Hat and CVE records confirm the issue as Stored XS...

6.5CVSS6.4AI score0.00257EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2024/07/21 12:0 a.m.•3 views

PT-2024-27617 · Unknown · Basix Nex-Forms

Name of the Vulnerable Software and Affected Versions: Basix NEX-Forms – Ultimate Form Builder versions through 8.5.10 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS, which can be...

6.5CVSS6.3AI score0.00257EPSS

Exploits0References6

Patchstack•added 2024/07/05 12:0 a.m.•18 views

WordPress NEX-Forms – Ultimate Form Builder Plugin <= 8.5.10 is vulnerable to Cross Site Scripting (XSS)

Software NEX-Forms – Ultimate Form Builder Type Plugin Vulnerable versions = 8.5.10 Fixed in 8.6.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37512 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 6818a3b8cb82 Credits LVT-tholv2k Require...

6.5CVSS6.6AI score0.00257EPSS

Exploits0References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by