Vulnerabilities > Basixonline
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-05 | CVE-2023-52120 | Cross-Site Request Forgery (CSRF) vulnerability in Basixonline Nex-Forms Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more.This issue affects NEX-Forms – Ultimate Form Builder – Contact forms and much more: from n/a through 8.5.2. | 8.8 |
| 2023-12-28 | CVE-2023-50838 | SQL Injection vulnerability in Basixonline Nex-Forms Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more.This issue affects NEX-Forms – Ultimate Form Builder – Contact forms and much more: from n/a through 8.5.5. | 7.2 |
| 2023-07-17 | CVE-2023-0439 | Unspecified vulnerability in Basixonline Nex-Forms The NEX-Forms WordPress plugin before 8.4.4 does not escape its form name, which could lead to Stored Cross-Site Scripting issues. | 5.4 |
| 2023-05-08 | CVE-2023-2114 | Unspecified vulnerability in Basixonline Nex-Forms The NEX-Forms WordPress plugin before 8.4 does not properly escape the `table` parameter, which is populated with user input, before concatenating it to an SQL query. | 7.2 |
| 2023-03-27 | CVE-2023-0272 | Unspecified vulnerability in Basixonline Nex-Forms The NEX-Forms WordPress plugin before 8.3.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | 5.4 |
| 2023-03-07 | CVE-2020-36670 | Unspecified vulnerability in Basixonline Nex-Forms The NEX-Forms. | 6.3 |
| 2022-09-19 | CVE-2022-3142 | SQL Injection vulnerability in Basixonline Nex-Forms The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. | 8.8 |
| 2021-12-13 | CVE-2021-24705 | Unspecified vulnerability in Basixonline Nex-Forms The NEX-Forms WordPress plugin before 8.4.3 does not have CSRF checks in place when editing a form, and does not escape some of its settings as well as form fields before outputting them in attributes. | 4.8 |
| 2021-07-19 | CVE-2021-34675 | Improper Authentication vulnerability in Basixonline Nex-Forms 7.8.7 Basix NEX-Forms through 7.8.7 allows authentication bypass for stored PDF reports. | 5.0 |
| 2021-07-19 | CVE-2021-34676 | Improper Authentication vulnerability in Basixonline Nex-Forms 7.8.7 Basix NEX-Forms through 7.8.7 allows authentication bypass for Excel report generation. | 5.0 |