Stored Cross-site Scripting Vulnerability in Basix NEX-Forms Plugin
CVE-2026-57668

7.1HIGH

Key Information:

Vendor

WordPress

Status
Vendor
CVE Published:
13 July 2026

What is CVE-2026-57668?

The Basix NEX-Forms WordPress plugin is vulnerable to stored Cross-site Scripting (XSS), allowing attackers to inject malicious scripts that can execute in the context of user sessions. This issue affects versions of the plugin from n/a up to and including 9.2.2, potentially compromising user data and site security. It is essential for users to update their NEX-Forms plugins to the latest version to mitigate this risk.

Affected Version(s)

NEX-Forms 0 <= 9.2.2

References

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Nguyen Ba Khanh | Patchstack Bug Bounty Program
.