Nex-forms Security Vulnerabilities and Issues — Nex-forms CVE List

Lucene search

BasixonlineNex-forms

9 matches found

CVE•added 2024/03/15 2:15 p.m.•60 views

CVE-2024-25593

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Basix NEX-Forms – Ultimate Form Builder allows Stored XSS.This issue affects NEX-Forms – Ultimate Form Builder: from n/a through 8.5.5.

6.5CVSS6.4AI score0.00077EPSS

CVE•added 2024/02/29 1:43 a.m.•58 views

CVE-2024-1129

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the set_starred() function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with subscri...

5.3CVSS5.9AI score0.00271EPSS

CVE•added 2024/02/29 1:43 a.m.•53 views

CVE-2024-0907

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the restore_records() function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with sub...

5.3CVSS5.9AI score0.00488EPSS

CVE•added 2024/02/29 1:43 a.m.•49 views

CVE-2024-1130

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the set_read() function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with subscriber...

5.3CVSS5.9AI score0.00447EPSS

CVE•added 2024/12/25 7:15 a.m.•46 views

CVE-2024-10862

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to SQL Injection via the 'search_params' parameter in all versions up to, and including, 8.7.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on th...

4.9CVSS5.4AI score0.00078EPSS

CVE•added 2024/12/06 2:15 p.m.•44 views

CVE-2024-53808

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Basix NEX-Forms – Ultimate Form Builder allows SQL Injection.This issue affects NEX-Forms – Ultimate Form Builder: from n/a through 8.7.8.

8.5CVSS8.8AI score0.00129EPSS

CVE•added 2024/07/21 8:15 a.m.•36 views

CVE-2024-37512

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Basix NEX-Forms – Ultimate Form Builder allows Stored XSS.This issue affects NEX-Forms – Ultimate Form Builder: from n/a through 8.5.10.

6.5CVSS6.4AI score0.00115EPSS

CVE•added 2024/10/05 3:15 p.m.•34 views

CVE-2024-47389

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Basix NEX-Forms – Ultimate Form Builder allows Reflected XSS.This issue affects NEX-Forms – Ultimate Form Builder: from n/a through 8.7.3.

7.1CVSS7.2AI score0.00127EPSS

CVE•added 2024/01/05 10:15 a.m.•31 views

CVE-2023-52120

Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more.This issue affects NEX-Forms – Ultimate Form Builder – Contact forms and much more: from n/a through 8.5.2.

8.8CVSS8.6AI score0.00043EPSS