Basixonline Nex-forms

21 CVEs affecting Basixonline Nex-forms. Latest disclosed: 2025-05-08. Critical: 1, High: 7.

Top CVEs affecting Basixonline Nex-forms
CVESeverityScorePublishedSummary
CVE-2015-9452Critical9.82019-10-07The nex-forms-express-wp-form-builder plugin before 4.6.1 for WordPress has SQL injection via the wp-admin/admin.php?page=nex-forms-main nex_forms_Id parameter.
CVE-2022-3142High8.82022-09-19The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The…
CVE-2024-53808High8.52024-12-06Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows…
CVE-2023-50838High7.62023-12-28Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms a…
CVE-2021-34676High7.52021-07-19Basix NEX-Forms through 7.8.7 allows authentication bypass for Excel report generation.
CVE-2021-34675High7.52021-07-19Basix NEX-Forms through 7.8.7 allows authentication bypass for stored PDF reports.
CVE-2023-2114High7.22023-05-08The NEX-Forms WordPress plugin before 8.4 does not properly escape the `table` parameter, which is populated with user input, before concatenating it to an SQL…
CVE-2024-47389High7.12024-10-05Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows…
CVE-2024-37512Medium6.52024-07-21Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Basix NEX-Forms – Ultimate Form Builder allows Sto…
CVE-2024-25593Medium6.52024-03-15Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Basix NEX-Forms – Ultimate Form Builder allows Stored XSS…
CVE-2025-3468Medium6.42025-05-08The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the clean_html and fo…
CVE-2025-4208Medium6.32025-05-08The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Limited Code Execution in all versions up to, and inc…
CVE-2020-36670Medium6.32023-03-07The NEX-Forms. plugin for WordPress is vulnerable to unauthorized disclosure and modification of data in versions up to, and including 7.7.1 due to missing cap…
CVE-2023-52120Medium5.42024-01-05Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more.This issue affects NEX-Forms – Ultimat…
CVE-2023-0439Medium5.42023-07-17The NEX-Forms WordPress plugin before 8.4.4 does not escape its form name, which could lead to Stored Cross-Site Scripting issues. By default only SuperAdmins…
CVE-2023-0272Medium5.42023-03-27The NEX-Forms WordPress plugin before 8.3.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the…
CVE-2024-1130Medium5.32024-02-29The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check…
CVE-2024-1129Medium5.32024-02-29The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check…
CVE-2024-0907Medium5.32024-02-29The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check…
CVE-2024-10862Medium4.92024-12-25The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to SQL Injection via the 'search_params' parameter in al…