exploitDog

CVE-2025-14803

Опубликовано: 09 янв. 2026

Источник: nvd

CVSS3: 6.8

EPSS Низкий

Описание

The NEX-Forms WordPress plugin before 9.1.8 does not sanitise and escape some of its settings. The NEX-Forms WordPress plugin before 9.1.8 can be configured in such a way that could allow subscribers to perform Stored Cross-Site Scripting.

Ссылки

https://wpscan.com/vulnerability/219af0e7-3d8b-4405-8005-b8969a370b0b/

EPSS

Процентиль: 12%

0.00041

Низкий

6.8 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-cp58-32qm-mgjw

CVSS3: 6.8

github

30 дней назад

The NEX-Forms WordPress plugin before 9.1.8 does not sanitise and escape some of its settings. The NEX-Forms WordPress plugin before 9.1.8 can be configured in such a way that could allow subscribers to perform Stored Cross-Site Scripting.

EPSS

Процентиль: 12%

0.00041

Низкий

6.8 Medium

CVSS3

Дефекты

CWE-79