Nex-forms Lite Security Vulnerabilities and Issues — Nex-forms Lite CVE List

Lucene search

Nex-forms Lite ProjectNex-forms Lite

3 matches found

CVE•added 2023/03/27 4:15 p.m.•57 views

CVE-2023-0272

The NEX-Forms WordPress plugin before 8.3.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

5.4CVSS5.3AI score0.00144EPSS

CVE•added 2023/05/08 2:15 p.m.•56 views

CVE-2023-2114

The NEX-Forms WordPress plugin before 8.4 does not properly escape the table parameter, which is populated with user input, before concatenating it to an SQL query.

7.2CVSS7.3AI score0.74389EPSS

CVE•added 2023/07/17 2:15 p.m.•45 views

CVE-2023-0439

The NEX-Forms WordPress plugin before 8.4.4 does not escape its form name, which could lead to Stored Cross-Site Scripting issues. By default only SuperAdmins (in multisite) / admins (in single site) can create forms, however there is a settings allowing them to give lower roles access to such feat...

5.4CVSS5.4AI score0.00087EPSS