Nex Forms

2 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2025-4208 MEDIUM This Month

The NEX-Forms - Ultimate Form Builder - Contact forms and much more plugin for WordPress is vulnerable to Limited Code Execution in all versions up to, and including, 8.9.1 via the get_table_records. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress PHP Code Injection Nex Forms
NVD
CVSS 3.1
6.3
EPSS
0.5%
CVE-2025-3468 MEDIUM This Month

The NEX-Forms - Ultimate Form Builder - Contact forms and much more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the clean_html and form_fields parameters in all versions up. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Nex Forms PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-4208
EPSS 0% CVSS 6.3
MEDIUM This Month

The NEX-Forms - Ultimate Form Builder - Contact forms and much more plugin for WordPress is vulnerable to Limited Code Execution in all versions up to, and including, 8.9.1 via the get_table_records. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress PHP +2
NVD
CVE-2025-3468
EPSS 0% CVSS 6.4
MEDIUM This Month

The NEX-Forms - Ultimate Form Builder - Contact forms and much more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the clean_html and form_fields parameters in all versions up. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Nex Forms +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy