๐Ÿ” CVE Alert

CVE-2026-10525

UNKNOWN 0.0

NEX-Forms < 9.2.3 - Unauthenticated Stored XSS via Form Submission

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

The NEX-Forms WordPress plugin before 9.2.3 does not sanitise and escape some submitted form data before storing it and outputting it back in the admin dashboard, leading to a Stored Cross-Site Scripting vulnerability which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks against high privilege users such as administrators when they view the submitted entries.

Vendor unknown
Product nex-forms
Published Jul 17, 2026
Stay Ahead of the Next One

Get instant alerts for unknown nex-forms

Be the first to know when new unknown vulnerabilities affecting unknown nex-forms are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Unknown / NEX-Forms
0 < 9.2.3

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
wpscan.com: https://wpscan.com/vulnerability/d1e191e6-ff5b-4cb8-9b12-8ae73cf0d2f0/

Credits

Sandiyo Christan WPScan