CVE-2025-14803

CVSS Score & Metrics

Base Score

6.8 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H                                    

Vulnerability Description

The NEX-Forms WordPress plugin before 9.1.8 does not sanitise and escape some of its settings. The NEX-Forms WordPress plugin before 9.1.8 can be configured in such a way that could allow subscribers to perform Stored Cross-Site Scripting.

Vulnerability Details

Published Date

January 09, 2026

Last Modified

January 13, 2026

CWE ID

CWE-79

Source

NVD

External References

https://wpscan.com/vulnerability/219af0e7-3d8b-4405-8005-b8969a370b0b/

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment