cleantalk
Vulnerabilities and Security Researches

NEX-Forms – Ultimate Form Builder – Contact forms and much more, CVE-2025-14803

CVE, Research URL

CVE-2025-14803

Home page URL

Security reports for NEX-Forms – Ultimate Form Builder – Contact forms and much more

Application

NEX-Forms – Ultimate Form Builder – Contact forms and much more

Published on
Jan 09, 2026
Research Description
The NEX-Forms WordPress plugin before 9.1.8 does not sanitise and escape some of its settings. The NEX-Forms WordPress plugin before 9.1.8 can be configured in such a way that could allow subscribers to perform Stored Cross-Site Scripting.
Affected versions
max 9.1.8.
Status
vulnerable
Previous vulnerability researches
NEX-Forms – Ultimate Form Builder – Contact forms and much more (CVE-2025-10185) , Nov 10, 2025
NEX-Forms – Ultimate Form Builder – Contact forms and much more (CVE-2025-4208) , May 09, 2025
NEX-Forms – Ultimate Form Builder – Contact forms and much more (CVE-2025-3468) , May 09, 2025
NEX-Forms – Ultimate Form Builder – Contact forms and much more (CVE-2020-36670) , Jun 10, 2024
NEX-Forms – Ultimate Form Builder – Contact forms and much more (CVE-2024-10862) , Dec 25, 2024
New vulnerability
ElementsKit Elementor addons (CVE-2026-23693) , Feb 27, 2026
Stop Spammers Security | Block Spam Users, Comments, Forms (CVE-2025-14795) , Feb 27, 2026
Slider Responsive Slideshow – Image slider, Gallery slideshow (CVE-2026-22346) , Feb 27, 2026
Endless Posts Navigation (CVE-2026-25332) , Feb 27, 2026
Eleblog – Elementor Blog And Magazine Addons (CVE-2025-69374) , Feb 27, 2026