WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin <= 9.1.9 - Missing Authorization to Authenticated (Subscriber+) License Deactivation via deactivate_license vulnerability

WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin = 9.1.9 - Missing Authorization to Authenticated Subscriber+ License Deactivation via deactivatelicense vulnerability discovered by Legion Hunter in WordPress Plugin NEX-Forms versions = 9.1.9...

CVE-2025-69324 WordPress NEX-Forms plugin <= 9.1.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Stored XSS.This issue affects NEX-Forms: from n/a through = 9.1.7...

WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin <= 9.1.8 - Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability

WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin = 9.1.8 - Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability discovered by Deadbee - NA in WordPress Plugin NEX-Forms versions = 9.1.8...

CVE-2025-49399 WordPress NEX-Forms Plugin <= 9.1.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in Basix NEX-Forms allows Cross Site Request Forgery. This issue affects NEX-Forms: from n/a through 9.1.3...

WordPress NEX-Forms – Ultimate Form Builder Plugin <= 8.5.5 is vulnerable to SQL Injection

Software NEX-Forms – Ultimate Form Builder Type Plugin Vulnerable versions = 8.5.5 Fixed in 8.5.6 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-50838 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 3121cd44ed44 Credits Khalid Yusuf Required privilege...

WordPress NEX-Forms – Ultimate Form Builder Plugin < 8.4 is vulnerable to SQL Injection

Software NEX-Forms – Ultimate Form Builder Type Plugin Vulnerable versions 8.4 Fixed in 8.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-2114 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 633a726244b6 Credits Alexander Schmid Required privilege...

WordPress NEX-Forms – Ultimate Form Builder Plugin < 8.3.3 is vulnerable to Cross Site Scripting (XSS)

Software NEX-Forms – Ultimate Form Builder Type Plugin Vulnerable versions 8.3.3 Fixed in 8.3.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0272 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID a3bd5c028514 Credits La...

WordPress NEX-Forms – Ultimate Form Builder plugin <= 8.1 - Multiple Stored Cross-Site Scripting (XSS) vulnerabilities

Multiple Stored Cross-Site Scripting XSS vulnerabilities were discovered by Shivam Rai in WordPress NEX-Forms – Ultimate Form Builder plugin versions = 8.1. Solution Deactivate and delete. This plugin has been closed as of October 4, 2021 and is not available for download. This closure is...