Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
basixonline nex-forms vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-50838
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more.This issue affects NEX-Forms – Ultimate Form Builder – Contact forms and m...
Basixonline Nex-forms
NA
CVE-2022-3142
The NEX-Forms WordPress plugin prior to 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is permitted to view the forms statistics chart, by default administrators, howeve...
Basixonline Nex-forms
2 Github repositories
5
CVSSv2
CVE-2021-34675
Basix NEX-Forms up to and including 7.8.7 allows authentication bypass for stored PDF reports.
Basixonline Nex-forms
5
CVSSv2
CVE-2021-34676
Basix NEX-Forms up to and including 7.8.7 allows authentication bypass for Excel report generation.
Basixonline Nex-forms
NA
CVE-2023-52120
Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more.This issue affects NEX-Forms – Ultimate Form Builder – Contact forms and much more: from n/a up to and including 8.5.2.
Basixonline Nex-forms
NA
CVE-2020-36670
The NEX-Forms. plugin for WordPress is vulnerable to unauthorized disclosure and modification of data in versions up to, and including 7.7.1 due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber level permissi...
Basixonline Nex-forms
NA
CVE-2023-0272
The NEX-Forms WordPress plugin prior to 8.3.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting ...
Basixonline Nex-forms
NA
CVE-2023-0439
The NEX-Forms WordPress plugin prior to 8.4.4 does not escape its form name, which could lead to Stored Cross-Site Scripting issues. By default only SuperAdmins (in multisite) / admins (in single site) can create forms, however there is a settings allowing them to give lower role...
Basixonline Nex-forms
NA
CVE-2023-2114
The NEX-Forms WordPress plugin prior to 8.4 does not properly escape the `table` parameter, which is populated with user input, before concatenating it to an SQL query.
Basixonline Nex-forms
2 Github repositories
3.5
CVSSv2
CVE-2021-24705
The NEX-Forms WordPress plugin prior to 8.4.3 does not have CSRF checks in place when editing a form, and does not escape some of its settings as well as form fields before outputting them in attributes. This could allow malicious users to make a logged in admin edit arbitrary fo...
Basixonline Nex-forms
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started