Cross-Site Scripting Vulnerabilities in NEX-Forms Lite by WordPress
CVE-2014-7151

6.1MEDIUM

Key Information:

Vendor: Wordpress
Status: Nex-forms Lite
Vendor: CVE Published:; 8 January 2016

Summary

The NEX-Forms Lite plugin for WordPress contains multiple cross-site scripting vulnerabilities that can be exploited by remote attackers. These vulnerabilities arise from insufficient validation of user input in the form_fields parameter during do_edit or do_insert actions handled through wp-admin/admin-ajax.php. Successful exploitation could allow attackers to inject arbitrary web scripts or HTML into the site's interface, potentially compromising the security and integrity of the website.

References

https://research.g0blin.co.uk/cve-2014-7151/

x_refsource_MISC

https://wpvulndb.com/vulnerabilities/8237

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 8, 2016
Vulnerability Reserved
Sep 22, 2014