Vulnerabilities > Basixonline > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-12-25 | CVE-2024-10862 | SQL Injection vulnerability in Basixonline Nex-Forms The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to SQL Injection via the 'search_params' parameter in all versions up to, and including, 8.7.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 4.9 |
| 2024-02-29 | CVE-2024-0907 | Missing Authorization vulnerability in Basixonline Nex-Forms The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the restore_records() function in all versions up to, and including, 8.5.6. | 4.3 |
| 2024-02-29 | CVE-2024-1129 | Missing Authorization vulnerability in Basixonline Nex-Forms The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the set_starred() function in all versions up to, and including, 8.5.6. | 4.3 |
| 2024-02-29 | CVE-2024-1130 | Missing Authorization vulnerability in Basixonline Nex-Forms The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the set_read() function in all versions up to, and including, 8.5.6. | 4.3 |
| 2023-07-17 | CVE-2023-0439 | Unspecified vulnerability in Basixonline Nex-Forms The NEX-Forms WordPress plugin before 8.4.4 does not escape its form name, which could lead to Stored Cross-Site Scripting issues. | 5.4 |
| 2023-03-27 | CVE-2023-0272 | Unspecified vulnerability in Basixonline Nex-Forms The NEX-Forms WordPress plugin before 8.3.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | 5.4 |
| 2023-03-07 | CVE-2020-36670 | Unspecified vulnerability in Basixonline Nex-Forms The NEX-Forms. | 6.3 |
| 2021-12-13 | CVE-2021-24705 | Unspecified vulnerability in Basixonline Nex-Forms The NEX-Forms WordPress plugin before 8.4.3 does not have CSRF checks in place when editing a form, and does not escape some of its settings as well as form fields before outputting them in attributes. | 4.8 |