Basixonline

Nex-forms

21 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.3

CVE-2025-4208

  • EPSS 0.17%
  • Veröffentlicht 08.05.2025 11:13:44
  • Zuletzt bearbeitet 04.06.2025 22:58:48

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Limited Code Execution in all versions up to, and including, 8.9.1 via the get_table_records function. This is due to the unsanitized use of use...

5.4

CVE-2025-3468

  • EPSS 0.04%
  • Veröffentlicht 08.05.2025 11:13:44
  • Zuletzt bearbeitet 04.06.2025 22:54:54

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the clean_html and form_fields parameters in all versions up to, and including, 8.9.1 due to insufficient input ...

4.9

CVE-2024-10862

  • EPSS 0.15%
  • Veröffentlicht 25.12.2024 07:15:11
  • Zuletzt bearbeitet 17.01.2025 14:53:51

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to SQL Injection via the 'search_params' parameter in all versions up to, and including, 8.7.13 due to insufficient escaping on the user supplied p...

7.2

CVE-2024-53808

  • EPSS 0.04%
  • Veröffentlicht 06.12.2024 14:15:23
  • Zuletzt bearbeitet 22.01.2025 18:04:55

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Basix NEX-Forms – Ultimate Form Builder allows SQL Injection.This issue affects NEX-Forms – Ultimate Form Builder: from n/a through 8.7.8.

6.1

CVE-2024-47389

  • EPSS 0.28%
  • Veröffentlicht 05.10.2024 15:15:15
  • Zuletzt bearbeitet 22.01.2025 22:03:18

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Basix NEX-Forms – Ultimate Form Builder allows Reflected XSS.This issue affects NEX-Forms – Ultimate Form Builder: from n/a through 8.7.3.

5.4

CVE-2024-37512

  • EPSS 0.26%
  • Veröffentlicht 21.07.2024 08:15:04
  • Zuletzt bearbeitet 22.01.2025 22:09:33

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Basix NEX-Forms – Ultimate Form Builder allows Stored XSS.This issue affects NEX-Forms – Ultimate Form Builder: from n/a through 8.5.10.

5.4

CVE-2024-25593

  • EPSS 0.08%
  • Veröffentlicht 15.03.2024 14:15:07
  • Zuletzt bearbeitet 23.01.2025 19:34:29

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Basix NEX-Forms – Ultimate Form Builder allows Stored XSS.This issue affects NEX-Forms – Ultimate Form Builder: from n/a through 8.5.5.

4.3

CVE-2024-1130

  • EPSS 0.45%
  • Veröffentlicht 29.02.2024 01:43:41
  • Zuletzt bearbeitet 15.01.2025 17:29:06

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the set_read() function in all versions up to, and including, 8.5.6. This makes it poss...

4.3

CVE-2024-1129

  • EPSS 0.27%
  • Veröffentlicht 29.02.2024 01:43:40
  • Zuletzt bearbeitet 15.01.2025 17:27:54

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the set_starred() function in all versions up to, and including, 8.5.6. This makes it p...

4.3

CVE-2024-0907

  • EPSS 0.66%
  • Veröffentlicht 29.02.2024 01:43:30
  • Zuletzt bearbeitet 15.01.2025 17:20:49

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the restore_records() function in all versions up to, and including, 8.5.6. This makes ...