cleantalk
Vulnerabilities and Security Researches

NEX-Forms – Ultimate Form Builder – Contact forms and much more, CVE-2015-9452

CVE, Research URL

CVE-2015-9452

Home page URL

Security reports for NEX-Forms – Ultimate Form Builder – Contact forms and much more

Application

NEX-Forms – Ultimate Form Builder – Contact forms and much more

Published on
Oct 07, 2019
Research Description
The nex-forms-express-wp-form-builder plugin before 4.6.1 for WordPress has SQL injection via the wp-admin/admin.php?page=nex-forms-main nex_forms_Id parameter.
Affected versions
Min -, max 4.6.1.
Status
vulnerable
Previous vulnerability researches
NEX-Forms – Ultimate Form Builder – Contact forms and much more (CVE-2020-36670) , Jun 10, 2024
NEX-Forms – Ultimate Form Builder – Contact forms and much more (CVE-2024-10862) , Dec 25, 2024
NEX-Forms – Ultimate Form Builder – Contact forms and much more (CVE-2024-13498) , Mar 13, 2025
NEX-Forms – Ultimate Form Builder – Contact forms and much more (CVE-2015-9452) , Jun 07, 2024
NEX-Forms – Ultimate Form Builder – Contact forms and much more (CVE-2023-2114) , Jun 07, 2024
New vulnerability
Business Directory Plugin – Easy Listing Directories for WordPress (CVE-2024-13887) , Mar 14, 2025
AppPresser – Mobile App Framework (CVE-2025-1561) , Mar 14, 2025
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin (CVE-2025-1119) , Mar 14, 2025
CRM and Lead Management by vcita (CVE-2024-13703) , Mar 14, 2025
WP Recipe Maker (CVE-2025-1503) , Mar 14, 2025