Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
basixonline nex-forms vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-52120
Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more.This issue affects NEX-Forms – Ultimate Form Builder – Contact forms and much more: from n/a up to and including 8.5.2.
Basixonline Nex-forms
7.2
CVSSv3
CVE-2023-50838
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more.This issue affects NEX-Forms – Ultimate Form Builder – Contact forms and m...
Basixonline Nex-forms
5.4
CVSSv3
CVE-2023-0439
The NEX-Forms WordPress plugin prior to 8.4.4 does not escape its form name, which could lead to Stored Cross-Site Scripting issues. By default only SuperAdmins (in multisite) / admins (in single site) can create forms, however there is a settings allowing them to give lower role...
Basixonline Nex-forms
7.2
CVSSv3
CVE-2023-2114
The NEX-Forms WordPress plugin prior to 8.4 does not properly escape the `table` parameter, which is populated with user input, before concatenating it to an SQL query.
Basixonline Nex-forms
2 Github repositories
5.4
CVSSv3
CVE-2023-0272
The NEX-Forms WordPress plugin prior to 8.3.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting ...
Basixonline Nex-forms
6.3
CVSSv3
CVE-2020-36670
The NEX-Forms. plugin for WordPress is vulnerable to unauthorized disclosure and modification of data in versions up to, and including 7.7.1 due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber level permissi...
Basixonline Nex-forms
8.8
CVSSv3
CVE-2022-3142
The NEX-Forms WordPress plugin prior to 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is permitted to view the forms statistics chart, by default administrators, howeve...
Basixonline Nex-forms
2 Github repositories
4.8
CVSSv3
CVE-2021-24705
The NEX-Forms WordPress plugin prior to 8.4.3 does not have CSRF checks in place when editing a form, and does not escape some of its settings as well as form fields before outputting them in attributes. This could allow malicious users to make a logged in admin edit arbitrary fo...
Basixonline Nex-forms
7.5
CVSSv3
CVE-2021-34675
Basix NEX-Forms up to and including 7.8.7 allows authentication bypass for stored PDF reports.
Basixonline Nex-forms
7.5
CVSSv3
CVE-2021-34676
Basix NEX-Forms up to and including 7.8.7 allows authentication bypass for Excel report generation.
Basixonline Nex-forms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started