Vulnerability history

WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin <= 9.1.9 - Missing Authorization to Unauthenticated Arbitrary Form Entry Modification via nf_set_entry_update_id vulnerability

WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin <= 9.1.9 - Missing Authorization to Authenticated (Subscriber+) License Deactivation via deactivate_license vulnerability

Reflected Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability

WordPress NEX-Forms - Ultimate Form Builder - Contact forms and much more plugin <= 8.5.6 - Missing Authorization via restore_records() vulnerability

WordPress NEX-Forms - Ultimate Form Builder - Contact forms and much more plugin <= 8.5.6 - Missing Authorization via set_starred() vulnerability

WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin <= 9.1.8 - Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability

Authenticated Stored XSS vulnerability

Authenticated (Admin+) SQL Injection vulnerability

Cross Site Request Forgery (CSRF) Vulnerability

Authenticated (Custom) Limited Code Execution via get_table_records Function vulnerability

Authenticated (Custom) Stored Cross-Site Scripting vulnerability

Unauthenticated Sensitive Information Exposure vulnerability

Authenticated (Admin+) SQL Injection vulnerability

SQL Injection vulnerability

Reflected Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability

Multiple Missing Authorization vulnerability

Cross Site Request Forgery (CSRF) vulnerability

SQL Injection vulnerability

Auth. SQL Injection (SQLi) vulnerability

Contributor+ Stored XSS vulnerability

Authenticated SQL Injection (SQLi) vulnerability

Multiple Stored Cross-Site Scripting (XSS) vulnerabilities