Vulnerabilities > Basixonline > NEX Forms > 7.9.7
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-17 | CVE-2023-0439 | Unspecified vulnerability in Basixonline Nex-Forms The NEX-Forms WordPress plugin before 8.4.4 does not escape its form name, which could lead to Stored Cross-Site Scripting issues. | 5.4 |
| 2023-05-08 | CVE-2023-2114 | Unspecified vulnerability in Basixonline Nex-Forms The NEX-Forms WordPress plugin before 8.4 does not properly escape the `table` parameter, which is populated with user input, before concatenating it to an SQL query. | 7.2 |
| 2023-03-27 | CVE-2023-0272 | Unspecified vulnerability in Basixonline Nex-Forms The NEX-Forms WordPress plugin before 8.3.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | 5.4 |