Skip to content

CVE-2023-0439 | NEX-Forms

The NEX-Forms WordPress plugin before 8.4.4 does not escape its form name, which could lead to Stored Cross-Site Scripting issues. By default only SuperAdmins (in multisite) / admins (in single site) can create forms, however there is a settings allowing them to give lower roles access to such feature..This CVE has a CVSS3.1 score of 7.5 and a Base Severity of HIGH.

InfoDetails
CVE IDCVE-2023-0439
CVE StatePUBLISHED
BaseScoreNA
BaseSeverityNA
VectorStringNA
VersionNA

References for CVE-2023-0439 :
https://wpscan.com/vulnerability/04cea9aa-b21c-49f8-836b-2d312253e09a

Metric TypeMetric Score
AttackVector(AV)NA
AttackComplexity(AC)NA
PrivilegesRequired(PR)NA
UserInteraction(UI)NA
Scope(S)NA
Confidentiality(C)NA
Availability(A)NA
Integrity(I)NA
Tags: