Stored Cross-site Scripting Vulnerability in Basix NEX-Forms Plugin
CVE-2026-57668
7.1HIGH
What is CVE-2026-57668?
The Basix NEX-Forms WordPress plugin is vulnerable to stored Cross-site Scripting (XSS), allowing attackers to inject malicious scripts that can execute in the context of user sessions. This issue affects versions of the plugin from n/a up to and including 9.2.2, potentially compromising user data and site security. It is essential for users to update their NEX-Forms plugins to the latest version to mitigate this risk.
Affected Version(s)
NEX-Forms 0 <= 9.2.2