Cross-site Scripting Vulnerability in Basix NEX-Forms Plugin by WordPress
CVE-2025-69324
7.1HIGH
What is CVE-2025-69324?
The Basix NEX-Forms plugin for WordPress presents a Cross-site Scripting (XSS) vulnerability due to improper handling of user input during web page generation. This flaw allows for stored XSS attacks, where malicious scripts can be injected and stored on the server. When unsuspecting users access the compromised form, these scripts are executed in their browsers, potentially leading to unauthorized actions and data theft. It is crucial for users of NEX-Forms versions 9.1.7 and earlier to update their installations and mitigate the risk of exploitation.
Affected Version(s)
NEX-Forms 0 <= 9.1.7