Reflected XSS Vulnerability in NEX-Forms by Basix
CVE-2025-69326
7.1HIGH
What is CVE-2025-69326?
The NEX-Forms plugin for WordPress by Basix is susceptible to a reflected cross-site scripting (XSS) vulnerability. This flaw arises from improper neutralization of input during web page generation, allowing attackers to inject malicious scripts. The vulnerability affects all NEX-Forms versions up to 9.1.7, posing significant risks for websites leveraging this plugin, as it may lead to unauthorized actions or data exposure for users.
Affected Version(s)
NEX-Forms 0 <= 9.1.7