The NEX-Forms WordPress plugin prior to 8.4.3 does not have CSRF checks in place when editing a form, and does not escape some of its settings as well as form fields before outputting them in attributes. This could allow malicious users to make a logged in admin edit arbitrary forms with Cross-Site Scripting payloads in them
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
basixonline nex-forms |