Vulnerabilities > Basixonline > NEX Forms
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-19 | CVE-2022-3142 | Unspecified vulnerability in Basixonline Nex-Forms The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. | 8.8 |
| 2021-12-13 | CVE-2021-24705 | Unspecified vulnerability in Basixonline Nex-Forms The NEX-Forms WordPress plugin before 8.4.3 does not have CSRF checks in place when editing a form, and does not escape some of its settings as well as form fields before outputting them in attributes. | 4.8 |
| 2021-07-19 | CVE-2021-34675 | Improper Authentication vulnerability in Basixonline Nex-Forms Basix NEX-Forms through 7.8.7 allows authentication bypass for stored PDF reports. | 7.5 |
| 2021-07-19 | CVE-2021-34676 | Improper Authentication vulnerability in Basixonline Nex-Forms Basix NEX-Forms through 7.8.7 allows authentication bypass for Excel report generation. | 7.5 |
| 2019-10-07 | CVE-2015-9452 | SQL Injection vulnerability in Basixonline Nex-Forms The nex-forms-express-wp-form-builder plugin before 4.6.1 for WordPress has SQL injection via the wp-admin/admin.php?page=nex-forms-main nex_forms_Id parameter. | 9.8 |