All the vulnerabilites related to webaways - NEX-Forms – Ultimate Form Builder – Contact forms and much more
cve-2024-1129
Vulnerability from cvelistv5
Published
2024-02-01 04:31
Modified
2024-08-07 17:52
Severity ?
EPSS score ?
Summary
The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the set_starred() function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to mark records as starred.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | webaways | NEX-Forms – Ultimate Form Builder – Contact forms and much more |
Version: * ≤ 8.5.6 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T18:26:30.570Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/53db0f72-3353-42bb-ad75-4c5aa32d7939?source=cve" }, { "tags": [ "x_transferred" ], "url": "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L1490" }, { "tags": [ "x_transferred" ], "url": "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L1502" }, { "tags": [ "x_transferred" ], "url": "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L1524" }, { "tags": [ "x_transferred" ], "url": "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/8.5.7/includes/classes/class.dashboard.php#L1512" }, { "tags": [ "x_transferred" ], "url": "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/8.5.7/includes/classes/class.dashboard.php#L1493" }, { "tags": [ "x_transferred" ], "url": "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/8.5.7/includes/classes/class.dashboard.php#L1539" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:basixonline:nex-forms:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "nex-forms", "vendor": "basixonline", "versions": [ { "lessThanOrEqual": "8.5.6", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-1129", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-07T17:32:02.295264Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-07T17:52:57.259Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and much more", "vendor": "webaways", "versions": [ { "lessThanOrEqual": "8.5.6", "status": "affected", "version": "*", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Francesco Carlucci" } ], "descriptions": [ { "lang": "en", "value": "The NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the set_starred() function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to mark records as starred." } ], "metrics": [ { "cvssV3_1": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-862 Missing Authorization", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-01T04:31:54.943Z", "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence" }, "references": [ { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/53db0f72-3353-42bb-ad75-4c5aa32d7939?source=cve" }, { "url": "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L1490" }, { "url": "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L1502" }, { "url": "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L1524" }, { "url": "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/8.5.7/includes/classes/class.dashboard.php#L1512" }, { "url": "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/8.5.7/includes/classes/class.dashboard.php#L1493" }, { "url": "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/8.5.7/includes/classes/class.dashboard.php#L1539" } ], "timeline": [ { "lang": "en", "time": "2024-01-31T00:00:00.000+00:00", "value": "Disclosed" } ] } }, "cveMetadata": { "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "assignerShortName": "Wordfence", "cveId": "CVE-2024-1129", "datePublished": "2024-02-01T04:31:54.943Z", "dateReserved": "2024-01-31T16:08:57.888Z", "dateUpdated": "2024-08-07T17:52:57.259Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-1130
Vulnerability from cvelistv5
Published
2024-02-01 04:31
Modified
2024-08-01 18:26
Severity ?
EPSS score ?
Summary
The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the set_read() function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to mark records as read.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | webaways | NEX-Forms – Ultimate Form Builder – Contact forms and much more |
Version: * ≤ 8.5.6 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-1130", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-01T16:29:17.070707Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T18:01:25.587Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T18:26:30.583Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f2c3b646-d865-4425-bc8f-00b3555a3d74?source=cve" }, { "tags": [ "x_transferred" ], "url": "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L1490" }, { "tags": [ "x_transferred" ], "url": "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L1502" }, { "tags": [ "x_transferred" ], "url": "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L1524" }, { "tags": [ "x_transferred" ], "url": "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/8.5.7/includes/classes/class.dashboard.php#L1512" }, { "tags": [ "x_transferred" ], "url": "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/8.5.7/includes/classes/class.dashboard.php#L1493" }, { "tags": [ "x_transferred" ], "url": "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/8.5.7/includes/classes/class.dashboard.php#L1539" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and much more", "vendor": "webaways", "versions": [ { "lessThanOrEqual": "8.5.6", "status": "affected", "version": "*", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Francesco Carlucci" } ], "descriptions": [ { "lang": "en", "value": "The NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the set_read() function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to mark records as read." } ], "metrics": [ { "cvssV3_1": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-862 Missing Authorization", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-01T04:31:55.418Z", "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence" }, "references": [ { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f2c3b646-d865-4425-bc8f-00b3555a3d74?source=cve" }, { "url": "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L1490" }, { "url": "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L1502" }, { "url": "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L1524" }, { "url": "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/8.5.7/includes/classes/class.dashboard.php#L1512" }, { "url": "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/8.5.7/includes/classes/class.dashboard.php#L1493" }, { "url": "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/8.5.7/includes/classes/class.dashboard.php#L1539" } ], "timeline": [ { "lang": "en", "time": "2024-01-31T00:00:00.000+00:00", "value": "Disclosed" } ] } }, "cveMetadata": { "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "assignerShortName": "Wordfence", "cveId": "CVE-2024-1130", "datePublished": "2024-02-01T04:31:55.418Z", "dateReserved": "2024-01-31T16:09:23.121Z", "dateUpdated": "2024-08-01T18:26:30.583Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-10862
Vulnerability from cvelistv5
Published
2024-12-25 06:42
Modified
2024-12-26 18:14
Severity ?
EPSS score ?
Summary
The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to SQL Injection via the 'search_params' parameter in all versions up to, and including, 8.7.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This can be exploited via CSRF due to a lack of nonce validation on the get_table_records AJAX action.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | webaways | NEX-Forms – Ultimate Form Builder – Contact forms and much more |
Version: * ≤ 8.7.13 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-10862", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-26T18:14:36.997485Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-26T18:14:45.306Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and much more", "vendor": "webaways", "versions": [ { "lessThanOrEqual": "8.7.13", "status": "affected", "version": "*", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Mohamed Awad" } ], "descriptions": [ { "lang": "en", "value": "The NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and much more plugin for WordPress is vulnerable to SQL Injection via the \u0027search_params\u0027 parameter in all versions up to, and including, 8.7.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This can be exploited via CSRF due to a lack of nonce validation on the get_table_records AJAX action." } ], "metrics": [ { "cvssV3_1": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-25T06:42:14.009Z", "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence" }, "references": [ { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ab807beb-0e20-47e4-be3e-9e8f50b84c7b?source=cve" }, { "url": "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L3065" } ], "timeline": [ { "lang": "en", "time": "2024-12-24T00:00:00.000+00:00", "value": "Disclosed" } ], "title": "NEX-Forms \u003c= 8.7.13 - Authenticated (Admin+) SQL Injection" } }, "cveMetadata": { "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "assignerShortName": "Wordfence", "cveId": "CVE-2024-10862", "datePublished": "2024-12-25T06:42:14.009Z", "dateReserved": "2024-11-05T14:03:22.486Z", "dateUpdated": "2024-12-26T18:14:45.306Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-36670
Vulnerability from cvelistv5
Published
2023-03-07 15:34
Modified
2024-08-04 17:30
Severity ?
EPSS score ?
Summary
The NEX-Forms. plugin for WordPress is vulnerable to unauthorized disclosure and modification of data in versions up to, and including 7.7.1 due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber level permissions and above to invoke these functions which can be used to perform actions like modify form submission records, deleting files, sending test emails, modifying plugin settings, and more.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | webaways | NEX-Forms – Ultimate Form Builder – Contact forms and much more |
Version: * ≤ 7.7.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T17:30:08.563Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/01940eeb-b4a6-450d-b646-84f415ca92c9" }, { "tags": [ "x_transferred" ], "url": "https://plugins.trac.wordpress.org/changeset/2427162/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and much more", "vendor": "webaways", "versions": [ { "lessThanOrEqual": "7.7.1", "status": "affected", "version": "*", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Chloe Chamberland" } ], "descriptions": [ { "lang": "en", "value": "The NEX-Forms. plugin for WordPress is vulnerable to unauthorized disclosure and modification of data in versions up to, and including 7.7.1 due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber level permissions and above to invoke these functions which can be used to perform actions like modify form submission records, deleting files, sending test emails, modifying plugin settings, and more." } ], "metrics": [ { "cvssV3_1": { "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-862 Missing Authorization", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-07T15:34:03.433Z", "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence" }, "references": [ { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/01940eeb-b4a6-450d-b646-84f415ca92c9" }, { "url": "https://plugins.trac.wordpress.org/changeset/2427162/" } ], "timeline": [ { "lang": "en", "time": "2020-11-27T00:00:00.000+00:00", "value": "Disclosed" } ] } }, "cveMetadata": { "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "assignerShortName": "Wordfence", "cveId": "CVE-2020-36670", "datePublished": "2023-03-07T15:34:03.433Z", "dateReserved": "2023-03-07T15:33:56.028Z", "dateUpdated": "2024-08-04T17:30:08.563Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-0907
Vulnerability from cvelistv5
Published
2024-02-01 04:31
Modified
2024-08-01 18:18
Severity ?
EPSS score ?
Summary
The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the restore_records() function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to restore records.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | webaways | NEX-Forms – Ultimate Form Builder – Contact forms and much more |
Version: * ≤ 8.5.6 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-0907", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-05T20:12:41.907913Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:58:51.835Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T18:18:18.988Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/26bd4058-ef00-48c8-8ab5-01535f0238a4?source=cve" }, { "tags": [ "x_transferred" ], "url": "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L1490" }, { "tags": [ "x_transferred" ], "url": "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L1502" }, { "tags": [ "x_transferred" ], "url": "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L1524" }, { "tags": [ "x_transferred" ], "url": "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/8.5.7/includes/classes/class.dashboard.php#L1512" }, { "tags": [ "x_transferred" ], "url": "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/8.5.7/includes/classes/class.dashboard.php#L1493" }, { "tags": [ "x_transferred" ], "url": "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/8.5.7/includes/classes/class.dashboard.php#L1539" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and much more", "vendor": "webaways", "versions": [ { "lessThanOrEqual": "8.5.6", "status": "affected", "version": "*", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Francesco Carlucci" } ], "descriptions": [ { "lang": "en", "value": "The NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the restore_records() function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to restore records." } ], "metrics": [ { "cvssV3_1": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-862 Missing Authorization", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-01T04:31:54.229Z", "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence" }, "references": [ { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/26bd4058-ef00-48c8-8ab5-01535f0238a4?source=cve" }, { "url": "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L1490" }, { "url": "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L1502" }, { "url": "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L1524" }, { "url": "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/8.5.7/includes/classes/class.dashboard.php#L1512" }, { "url": "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/8.5.7/includes/classes/class.dashboard.php#L1493" }, { "url": "https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/8.5.7/includes/classes/class.dashboard.php#L1539" } ], "timeline": [ { "lang": "en", "time": "2024-01-31T00:00:00.000+00:00", "value": "Disclosed" } ] } }, "cveMetadata": { "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "assignerShortName": "Wordfence", "cveId": "CVE-2024-0907", "datePublished": "2024-02-01T04:31:54.229Z", "dateReserved": "2024-01-25T20:17:35.256Z", "dateUpdated": "2024-08-01T18:18:18.988Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }