Webaways Nex-forms – Ultimate Forms Plugin For Wordpress
14 CVEs affecting Webaways Nex-forms – Ultimate Forms Plugin For Wordpress. Latest disclosed: 2026-05-15. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-1947 | High | 7.5 | 2026-03-15 | The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including… |
CVE-2026-5063 | High | 7.2 | 2026-05-03 | The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via POST parameter key names in the submi… |
CVE-2025-3468 | Medium | 6.4 | 2025-05-08 | The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the clean_html and fo… |
CVE-2025-4208 | Medium | 6.3 | 2025-05-08 | The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Limited Code Execution in all versions up to, and inc… |
CVE-2020-36670 | Medium | 6.3 | 2023-03-07 | The NEX-Forms. plugin for WordPress is vulnerable to unauthorized disclosure and modification of data in versions up to, and including 7.7.1 due to missing cap… |
CVE-2025-15510 | Medium | 5.3 | 2026-01-31 | The NEX-Forms – Ultimate Forms Plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the NF5_Export_Forms clas… |
CVE-2024-13498 | Medium | 5.3 | 2025-03-12 | The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to… |
CVE-2024-1130 | Medium | 5.3 | 2024-02-01 | The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check… |
CVE-2024-1129 | Medium | 5.3 | 2024-02-01 | The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check… |
CVE-2024-0907 | Medium | 5.3 | 2024-02-01 | The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check… |
CVE-2026-7046 | Medium | 4.9 | 2026-05-15 | The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'table' parameter in all versi… |
CVE-2025-10185 | Medium | 4.9 | 2025-10-11 | The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in the action nf_load_form… |
CVE-2024-10862 | Medium | 4.9 | 2024-12-25 | The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to SQL Injection via the 'search_params' parameter in al… |
CVE-2026-1948 | Medium | 4.3 | 2026-03-14 | The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check o… |