CVE-2023-0439

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Jul 17, 2023

Updated: Nov 7, 2023

Summary

CVE-2023-0439: The NEX-Forms plugin for WordPress, prior to version 8.4.4, fails to properly escape form names, making it susceptible to Stored Cross-Site Scripting (XSS) attacks. This vulnerability could potentially impact both single and multisite installations. While SuperAdmins in multisite and admins in single site configurations typically have the ability to create forms, a setting exists that grants lower-level users this functionality, thereby increasing the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Basix NEX-Forms

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/r1uamp
https://www.cve.org/CVERecord?id=CVE-2023-0439
https://nvd.nist.gov/vuln/detail/CVE-2023-0439

Back to Vulnerability Database

CVE-2023-0439

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations