Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2023-0439

The NEX-Forms WordPress plugin before 8.4.4 does not escape its form name, which could lead to Stored Cross-Site Scripting issues. By default only SuperAdmins (in multisite) / admins (in single site) can create forms, however there is a settings allowing them to give lower roles access to such feature.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 26.1%
CVSS Severity
CVSS v3 Score 5.4
Products affected by CVE-2023-0439


Contact Us

Shodan ® - All rights reserved