Nex-forms Lite Security Vulnerabilities and Issues — Nex-forms Lite CVE List

Lucene search

Nex-forms Lite ProjectNex-forms Lite

5 matches found

CVE•added 2023/03/27 4:15 p.m.•57 views

CVE-2023-0272

The NEX-Forms WordPress plugin before 8.3.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

5.4CVSS5.3AI score0.00144EPSS

CVE•added 2023/05/08 2:15 p.m.•56 views

CVE-2023-2114

The NEX-Forms WordPress plugin before 8.4 does not properly escape the table parameter, which is populated with user input, before concatenating it to an SQL query.

7.2CVSS7.3AI score0.74389EPSS

CVE•added 2021/12/13 11:15 a.m.•45 views

CVE-2021-24705

The NEX-Forms WordPress plugin before 8.4.3 does not have CSRF checks in place when editing a form, and does not escape some of its settings as well as form fields before outputting them in attributes. This could allow attackers to make a logged in admin edit arbitrary forms with Cross-Site Scripti...

4.8CVSS4.9AI score0.00205EPSS

CVE•added 2023/07/17 2:15 p.m.•45 views

CVE-2023-0439

The NEX-Forms WordPress plugin before 8.4.4 does not escape its form name, which could lead to Stored Cross-Site Scripting issues. By default only SuperAdmins (in multisite) / admins (in single site) can create forms, however there is a settings allowing them to give lower roles access to such feat...

5.4CVSS5.4AI score0.00087EPSS

CVE•added 2016/01/08 9:59 p.m.•29 views

CVE-2014-7151

Multiple cross-site scripting (XSS) vulnerabilities in the NEX-Forms Lite plugin 2.1.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the form_fields parameter in a (1) do_edit or (2) do_insert action to wp-admin/admin-ajax.php.

6.1CVSS6.1AI score0.00166EPSS