cleantalk
Vulnerabilities and Security Researches

NEX-Forms – Ultimate Form Builder – Contact forms and much more, CVE-2025-49399

CVE, Research URL

CVE-2025-49399

Home page URL

Security reports for NEX-Forms – Ultimate Form Builder – Contact forms and much more

Application

NEX-Forms – Ultimate Form Builder – Contact forms and much more

Published on
Aug 20, 2025
Research Description
Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms allows Cross Site Request Forgery. This issue affects NEX-Forms: from n/a through 9.1.3.
Affected versions
Min -, max 9.1.4.
Status
vulnerable
Previous vulnerability researches
Jenga Payment Gateway for WooCommerce (CVE-2025-49432) , Aug 20, 2025
New vulnerability
Simple Login Log (CVE-2025-49438) , Aug 23, 2025
SensorPress (CVE-2025-49409) , Aug 23, 2025
Notice Bar (CVE-2025-49389) , Aug 23, 2025
Testimonial (CVE-2025-49410) , Aug 23, 2025
SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels) (CVE-2025-8607) , Aug 23, 2025