Every CVE whose affected-product data names Basixonline Nex-forms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (21)
CVE-2015-9452 — CVSS 9.8 (critical): The nex-forms-express-wp-form-builder plugin before 4.6.1 for WordPress has SQL injection via the wp-admin/admin.php?page=nex-forms-main…
CVE-2022-3142 — CVSS 8.8 (high): The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to…
CVE-2024-53808 — CVSS 8.5 (high): Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Basix NEX-Forms…
CVE-2023-50838 — CVSS 7.6 (high): Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Basix NEX-Forms – Ultimate Form…
CVE-2023-2114 — CVSS 7.2 (high): The NEX-Forms WordPress plugin before 8.4 does not properly escape the `table` parameter, which is populated with user input, before…
CVE-2024-47389 — CVSS 7.1 (high): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Basix NEX-Forms…
CVE-2024-25593 — CVSS 6.5 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Basix NEX-Forms – Ultimate Form…
CVE-2024-37512 — CVSS 6.5 (medium): Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Basix NEX-Forms – Ultimate…
CVE-2025-3468 — CVSS 6.4 (medium): The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Stored Cross-Site Scripting…
CVE-2025-4208 — CVSS 6.3 (medium): The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Limited Code Execution in all…
CVE-2020-36670 — CVSS 6.3 (medium): The NEX-Forms. plugin for WordPress is vulnerable to unauthorized disclosure and modification of data in versions up to, and including…
CVE-2023-0272 — CVSS 5.4 (medium): The NEX-Forms WordPress plugin before 8.3.3 does not validate and escape some of its shortcode attributes before outputting them back in a…
CVE-2023-52120 — CVSS 5.4 (medium): Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more.This issue…
CVE-2023-0439 — CVSS 5.4 (medium): The NEX-Forms WordPress plugin before 8.4.4 does not escape its form name, which could lead to Stored Cross-Site Scripting issues. By…
CVE-2024-1129 — CVSS 5.3 (medium): The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a…
CVE-2024-1130 — CVSS 5.3 (medium): The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a…
CVE-2024-0907 — CVSS 5.3 (medium): The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a…
CVE-2024-10862 — CVSS 4.9 (medium): The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to SQL Injection via the…
CVE-2021-24705 — CVSS 4.8 (medium): The NEX-Forms WordPress plugin before 8.4.3 does not have CSRF checks in place when editing a form, and does not escape some of its…