Basixonline

Nex-forms

21 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.3

CVE-2025-4208

  • EPSS 0.48%
  • Veröffentlicht 08.05.2025 11:13:44
  • Zuletzt bearbeitet 04.06.2025 22:58:48

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Limited Code Execution in all versions up to, and including, 8.9.1 via the get_table_records function. This is due to the unsanitized use of use...

5.4

CVE-2025-3468

  • EPSS 0.12%
  • Veröffentlicht 08.05.2025 11:13:44
  • Zuletzt bearbeitet 04.06.2025 22:54:54

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the clean_html and form_fields parameters in all versions up to, and including, 8.9.1 due to insufficient input ...

4.9

CVE-2024-10862

  • EPSS 0.19%
  • Veröffentlicht 25.12.2024 07:15:11
  • Zuletzt bearbeitet 08.04.2026 19:19:32

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to SQL Injection via the 'search_params' parameter in all versions up to, and including, 8.7.15 due to insufficient escaping on the user supplied p...

7.2

CVE-2024-53808

  • EPSS 0.2%
  • Veröffentlicht 06.12.2024 14:15:23
  • Zuletzt bearbeitet 01.04.2026 16:20:42

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows SQL Injection.This issue affects NEX-Forms: from n/a through <= 8.7.8.

6.1

CVE-2024-47389

  • EPSS 0.39%
  • Veröffentlicht 05.10.2024 15:15:15
  • Zuletzt bearbeitet 01.04.2026 16:18:15

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Reflected XSS.This issue affects NEX-Forms: from n/a through <= 8.7.3.

5.4

CVE-2024-37512

  • EPSS 0.26%
  • Veröffentlicht 21.07.2024 08:15:04
  • Zuletzt bearbeitet 22.01.2025 22:09:33

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Basix NEX-Forms – Ultimate Form Builder allows Stored XSS.This issue affects NEX-Forms – Ultimate Form Builder: from n/a through 8.5.10.

5.4

CVE-2024-25593

  • EPSS 0.08%
  • Veröffentlicht 15.03.2024 14:15:07
  • Zuletzt bearbeitet 23.01.2025 19:34:29

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Basix NEX-Forms – Ultimate Form Builder allows Stored XSS.This issue affects NEX-Forms – Ultimate Form Builder: from n/a through 8.5.5.

4.3

CVE-2024-1130

  • EPSS 0.45%
  • Veröffentlicht 29.02.2024 01:43:41
  • Zuletzt bearbeitet 08.04.2026 19:20:33

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the set_read() function in all versions up to, and including, 8.5.6. This makes it poss...

4.3

CVE-2024-1129

  • EPSS 0.27%
  • Veröffentlicht 29.02.2024 01:43:40
  • Zuletzt bearbeitet 08.04.2026 18:20:28

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the set_starred() function in all versions up to, and including, 8.5.6. This makes it p...

4.3

CVE-2024-0907

  • EPSS 0.66%
  • Veröffentlicht 29.02.2024 01:43:30
  • Zuletzt bearbeitet 08.04.2026 17:17:27

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the restore_records() function in all versions up to, and including, 8.5.6. This makes ...