Basixonline Nex-forms
21 CVEs affecting Basixonline Nex-forms. Latest disclosed: 2025-05-08. Critical: 1, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2015-9452 | Critical | 9.8 | 2019-10-07 | The nex-forms-express-wp-form-builder plugin before 4.6.1 for WordPress has SQL injection via the wp-admin/admin.php?page=nex-forms-main nex_forms_Id parameter. |
| CVE-2022-3142 | High | 8.8 | 2022-09-19 | The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The… |
| CVE-2024-53808 | High | 8.5 | 2024-12-06 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows… |
| CVE-2023-50838 | High | 7.6 | 2023-12-28 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms a… |
| CVE-2021-34676 | High | 7.5 | 2021-07-19 | Basix NEX-Forms through 7.8.7 allows authentication bypass for Excel report generation. |
| CVE-2021-34675 | High | 7.5 | 2021-07-19 | Basix NEX-Forms through 7.8.7 allows authentication bypass for stored PDF reports. |
| CVE-2023-2114 | High | 7.2 | 2023-05-08 | The NEX-Forms WordPress plugin before 8.4 does not properly escape the `table` parameter, which is populated with user input, before concatenating it to an SQL… |
| CVE-2024-47389 | High | 7.1 | 2024-10-05 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows… |
| CVE-2024-37512 | Medium | 6.5 | 2024-07-21 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Basix NEX-Forms – Ultimate Form Builder allows Sto… |
| CVE-2024-25593 | Medium | 6.5 | 2024-03-15 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Basix NEX-Forms – Ultimate Form Builder allows Stored XSS… |
| CVE-2025-3468 | Medium | 6.4 | 2025-05-08 | The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the clean_html and fo… |
| CVE-2025-4208 | Medium | 6.3 | 2025-05-08 | The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Limited Code Execution in all versions up to, and inc… |
| CVE-2020-36670 | Medium | 6.3 | 2023-03-07 | The NEX-Forms plugin for WordPress is vulnerable to unauthorized disclosure and modification of data in versions up to, and including 7.7.1 due to missing cap… |
| CVE-2023-52120 | Medium | 5.4 | 2024-01-05 | Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more. This issue affects NEX-Forms – Ultimat… |
| CVE-2023-0439 | Medium | 5.4 | 2023-07-17 | The NEX-Forms WordPress plugin before 8.4.4 does not escape its form name, which could lead to Stored Cross-Site Scripting issues. By default only SuperAdmins… |
| CVE-2023-0272 | Medium | 5.4 | 2023-03-27 | The NEX-Forms WordPress plugin before 8.3.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the… |
| CVE-2024-1130 | Medium | 5.3 | 2024-02-29 | The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check… |
| CVE-2024-1129 | Medium | 5.3 | 2024-02-29 | The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check… |
| CVE-2024-0907 | Medium | 5.3 | 2024-02-29 | The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check… |
| CVE-2024-10862 | Medium | 4.9 | 2024-12-25 | The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to SQL Injection via the 'search_params' parameter in al… |