Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now

NEX-Forms – Ultimate Forms Plugin for WordPress — Vulnerabilities & Security Advisories 12

All 12 CVE vulnerabilities found in NEX-Forms – Ultimate Forms Plugin for WordPress, with AI-generated Chinese analysis, references, and POCs.

Vendor: webaways

CVE IDTitleCVSSSeverityPaused
CVE-2026-1947 NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.9 - Missing Authorization to Unauthenticated Arbitrary Form Entry Modification via nf_set_entry_update_id CWE-639 7.5 High2026-03-15
CVE-2026-1948 NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.9 - Missing Authorization to Authenticated (Subscriber+) License Deactivation via deactivate_license CWE-862 4.3 Medium2026-03-14
CVE-2025-15510 NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.8 - Missing Authorization to Unauthenticated Sensitive Information Exposure CWE-862 5.3 Medium2026-01-31
CVE-2025-10185 NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.6 - Authenticated (Admin+) SQL Injection CWE-89 4.9 Medium2025-10-11
CVE-2025-3468 NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.9.1 - Authenticated (Custom) Stored Cross-Site Scripting CWE-79 6.4 Medium2025-05-08
CVE-2025-4208 NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.9.1 - Authenticated (Custom) Limited Code Execution via get_table_records Function CWE-94 6.3 Medium2025-05-08
CVE-2024-13498 NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.8.1 - Unauthenticated Sensitive Information Exposure CWE-200 5.3 Medium2025-03-12
CVE-2024-10862 NEX-Forms <= 8.7.15 - Authenticated (Admin+) SQL Injection CWE-89 4.9 Medium2024-12-25
CVE-2024-1129 NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.5.6 - Missing Authorization via set_starred() CWE-862 5.3 Medium2024-02-01
CVE-2024-1130 NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.5.6 - Missing Authorization via set_read() CWE-862 5.3 Medium2024-02-01
CVE-2024-0907 NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.5.6 - Missing Authorization via restore_records() CWE-862 5.3 Medium2024-02-01
CVE-2020-36670 NEX-Forms <= 7.7.1 - Missing Authorization on Various AJAX Actions CWE-862 6.3 Medium2023-03-07

All 12 known CVE vulnerabilities affecting NEX-Forms – Ultimate Forms Plugin for WordPress with full Chinese analysis, references, and POCs where available.