Vulnerabilities > Basixonline > NEX Forms
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-12-25 | CVE-2024-10862 | SQL Injection vulnerability in Basixonline Nex-Forms The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to SQL Injection via the 'search_params' parameter in all versions up to, and including, 8.7.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 4.9 |
| 2024-12-06 | CVE-2024-53808 | SQL Injection vulnerability in Basixonline Nex-Forms Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Basix NEX-Forms – Ultimate Form Builder allows SQL Injection.This issue affects NEX-Forms – Ultimate Form Builder: from n/a through 8.7.8. | 7.2 |
| 2024-10-05 | CVE-2024-47389 | Cross-site Scripting vulnerability in Basixonline Nex-Forms Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Basix NEX-Forms – Ultimate Form Builder allows Reflected XSS.This issue affects NEX-Forms – Ultimate Form Builder: from n/a through 8.7.3. | 6.1 |
| 2024-07-21 | CVE-2024-37512 | Unspecified vulnerability in Basixonline Nex-Forms Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Basix NEX-Forms – Ultimate Form Builder allows Stored XSS.This issue affects NEX-Forms – Ultimate Form Builder: from n/a through 8.5.10. | 5.4 |
| 2024-03-15 | CVE-2024-25593 | Unspecified vulnerability in Basixonline Nex-Forms Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Basix NEX-Forms – Ultimate Form Builder allows Stored XSS.This issue affects NEX-Forms – Ultimate Form Builder: from n/a through 8.5.5. | 5.4 |
| 2024-02-29 | CVE-2024-0907 | Missing Authorization vulnerability in Basixonline Nex-Forms The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the restore_records() function in all versions up to, and including, 8.5.6. | 4.3 |
| 2024-02-29 | CVE-2024-1129 | Missing Authorization vulnerability in Basixonline Nex-Forms The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the set_starred() function in all versions up to, and including, 8.5.6. | 4.3 |
| 2024-02-29 | CVE-2024-1130 | Missing Authorization vulnerability in Basixonline Nex-Forms The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the set_read() function in all versions up to, and including, 8.5.6. | 4.3 |
| 2024-01-05 | CVE-2023-52120 | Unspecified vulnerability in Basixonline Nex-Forms Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more.This issue affects NEX-Forms – Ultimate Form Builder – Contact forms and much more: from n/a through 8.5.2. | 8.8 |
| 2023-12-28 | CVE-2023-50838 | Unspecified vulnerability in Basixonline Nex-Forms Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more.This issue affects NEX-Forms – Ultimate Form Builder – Contact forms and much more: from n/a through 8.5.5. | 7.2 |