Security Advisory

CVE-2023-0439

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-07-17 13:29:58

Last updated 2024-10-30 14:02:35

Assigner WPScan

State PUBLISHED

Description

The NEX-Forms WordPress plugin before 8.4.4 does not escape its form name, which could lead to Stored Cross-Site Scripting issues. By default only SuperAdmins (in multisite) / admins (in single site) can create forms, however there is a settings allowing them to give lower roles access to such feature.

← Browse all CVEs View on cve.org ↗