cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-10862,https://securityvulnerability.io/vulnerability/CVE-2024-10862,SQL Injection Vulnerability in NEX-Forms Plugin for WordPress,"An SQL injection vulnerability has been discovered in the NEX-Forms - Ultimate Form Builder plugin for WordPress, affecting all versions up to and including 8.7.13. This vulnerability arises due to inadequate escaping mechanisms for user-supplied input in the 'search_params' parameter, coupled with insufficient safeguards in the existing SQL query structure. As a result, unauthorized attackers are able to inject additional SQL commands, potentially leading to the extraction of sensitive database information. Furthermore, the absence of proper nonce validation on the get_table_records AJAX action heightens the risk of CSRF exploits, allowing attackers to perform unauthorized actions without user consent.",Wordpress,Nex-forms – Ultimate Form Builder – Contact Forms And Much More,4.9,MEDIUM,0.0004900000058114529,false,,false,false,false,,false,false,2024-12-25T06:42:14.009Z,0
CVE-2024-0907,https://securityvulnerability.io/vulnerability/CVE-2024-0907,Unauthorized Access in NEX-Forms Plugin for WordPress,"The NEX-Forms – Ultimate Form Builder plugin for WordPress is susceptible to unauthorized access due to a lack of capability checks within the restore_records() function. This vulnerability affects all versions up to and including 8.5.6, enabling authenticated users with subscriber-level access or higher to restore sensitive records. This issue poses a risk to the integrity of user data, as unauthorized users could exploit this oversight to gain access to information that should be protected.",Wordpress,NEX-Forms – Ultimate Form Builder – Contact forms and much more,4.3,MEDIUM,0.0007200000109151006,false,,false,false,false,,false,false,2024-02-29T01:43:00.000Z,0
CVE-2024-1130,https://securityvulnerability.io/vulnerability/CVE-2024-1130,Unauthorized Access in NEX-Forms Plugin for WordPress,"The NEX-Forms – Ultimate Form Builder plugin for WordPress contains a security flaw that allows authenticated attackers, with subscriber-level access or higher, to bypass necessary capability checks in the set_read() function. This vulnerability, present in all versions up to and including 8.5.6, potentially grants attackers the ability to mark records as read, leading to unauthorized access to sensitive information. Users of this plugin are advised to upgrade to version 8.5.7 or later to mitigate this risk.",Wordpress,NEX-Forms – Ultimate Form Builder – Contact forms and much more,4.3,MEDIUM,0.0007200000109151006,false,,false,false,false,,false,false,2024-02-29T01:43:00.000Z,0
CVE-2024-1129,https://securityvulnerability.io/vulnerability/CVE-2024-1129,Unauthorized Access in NEX-Forms Ultimate Form Builder Plugin for WordPress,"The NEX-Forms – Ultimate Form Builder plugin for WordPress exhibits a vulnerability that allows authenticated users, particularly those with subscriber-level access and higher, to exploit a missing capability check in the set_starred() function. This flaw is present in versions up to and including 8.5.6, enabling unauthorized manipulation of records, which could have significant impacts on data integrity and security. Users are urged to update to the latest version to mitigate potential risks.",Wordpress,Nex-forms – Ultimate Form Builder – Contact Forms And Much More,4.3,MEDIUM,0.0007200000109151006,false,,false,false,false,,false,false,2024-02-29T01:43:00.000Z,0
CVE-2020-36670,https://securityvulnerability.io/vulnerability/CVE-2020-36670,Unauthorized Data Disclosure and Modification in NEX-Forms Plugin for WordPress,"The NEX-Forms plugin for WordPress has a vulnerability that allows authenticated attackers, even those with minimal permissions (subscriber level), to exploit missing capability checks on certain AJAX actions. This can lead to unauthorized data manipulation, including the ability to modify form submission records, delete files, send test emails, and alter plugin settings. Such flaws underline the need for robust authentication and careful management of user permissions to prevent misuse.",Wordpress,Nex-forms – Ultimate Form Builder – Contact Forms And Much More,6.3,MEDIUM,0.0006399999838322401,false,,false,false,false,,false,false,2023-03-07T15:34:03.433Z,0
CVE-2022-3142,https://securityvulnerability.io/vulnerability/CVE-2022-3142,NEX-Forms < 7.9.7 - Authenticated SQLi,"The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is permitted to view the forms statistics chart, by default administrators, however can be configured otherwise via the plugin settings.",Wordpress,Nex-forms – Ultimate Form Builder – Contact Forms And Much More,8.8,HIGH,0.006120000034570694,false,,false,false,false,,false,false,2022-09-19T00:00:00.000Z,0