Vulnerabilities > Basixonline

DATE CVE VULNERABILITY TITLE RISK
2023-07-17 CVE-2023-0439 Unspecified vulnerability in Basixonline Nex-Forms
The NEX-Forms WordPress plugin before 8.4.4 does not escape its form name, which could lead to Stored Cross-Site Scripting issues.
network
low complexity
basixonline
5.4
5.4
2023-05-08 CVE-2023-2114 Unspecified vulnerability in Basixonline Nex-Forms
The NEX-Forms WordPress plugin before 8.4 does not properly escape the `table` parameter, which is populated with user input, before concatenating it to an SQL query.
network
low complexity
basixonline
7.2
7.2
2023-03-27 CVE-2023-0272 Unspecified vulnerability in Basixonline Nex-Forms
The NEX-Forms WordPress plugin before 8.3.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
network
low complexity
basixonline
5.4
5.4
2023-03-07 CVE-2020-36670 Unspecified vulnerability in Basixonline Nex-Forms
The NEX-Forms.
network
low complexity
basixonline
6.3
6.3
2022-09-19 CVE-2022-3142 Unspecified vulnerability in Basixonline Nex-Forms
The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections.
network
low complexity
basixonline
8.8
8.8
2021-12-13 CVE-2021-24705 Unspecified vulnerability in Basixonline Nex-Forms
The NEX-Forms WordPress plugin before 8.4.3 does not have CSRF checks in place when editing a form, and does not escape some of its settings as well as form fields before outputting them in attributes.
network
low complexity
basixonline
4.8
4.8
2021-07-19 CVE-2021-34675 Improper Authentication vulnerability in Basixonline Nex-Forms
Basix NEX-Forms through 7.8.7 allows authentication bypass for stored PDF reports.
network
low complexity
basixonline CWE-287
7.5
7.5
2021-07-19 CVE-2021-34676 Improper Authentication vulnerability in Basixonline Nex-Forms
Basix NEX-Forms through 7.8.7 allows authentication bypass for Excel report generation.
network
low complexity
basixonline CWE-287
7.5
7.5
2019-10-07 CVE-2015-9452 SQL Injection vulnerability in Basixonline Nex-Forms
The nex-forms-express-wp-form-builder plugin before 4.6.1 for WordPress has SQL injection via the wp-admin/admin.php?page=nex-forms-main nex_forms_Id parameter.
network
low complexity
basixonline CWE-89
critical
 9.8
9.8