The plugin was vulnerable to Authentication Bypass for Excel Reports allowing unauthenticated attackers to download Excel reports.
http://www.example.com/wp-admin/admin.php?page=nex-forms-dashboard&export_csv=true
basixonline.net/nex-forms-wordpress-form-builder-demo/change-log/
codecanyon.net/item/nexforms-the-ultimate-wordpress-form-builder/7103891
github.com/rauschecker/CVEs/tree/main/CVE-2021-34676