The NEX-Forms WordPress plugin before 8.4.4 does not escape its form name, which could lead to Stored Cross-Site Scripting issues. By default only SuperAdmins (in multisite) / admins (in single site) can create forms, however there is a settings allowing them to give lower roles access to such feature.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2023-07-17T13:29:58.934Z
Updated: 2024-08-02T05:10:56.261Z
Reserved: 2023-01-23T12:47:50.956Z
Link: CVE-2023-0439
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-07-17T14:15:09.553
Modified: 2023-11-07T04:00:28.497
Link: CVE-2023-0439
Redhat
No data.