CVE-2026-10525
NEX-Forms < 9.2.3 - Unauthenticated Stored XSS via Form Submission
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
The NEX-Forms WordPress plugin before 9.2.3 does not sanitise and escape some submitted form data before storing it and outputting it back in the admin dashboard, leading to a Stored Cross-Site Scripting vulnerability which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks against high privilege users such as administrators when they view the submitted entries.
| Vendor | unknown |
| Product | nex-forms |
| Published | Jul 17, 2026 |
Stay Ahead of the Next One
Get instant alerts for unknown nex-forms
Be the first to know when new unknown vulnerabilities affecting unknown nex-forms are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Unknown / NEX-Forms
0 < 9.2.3
References
Credits
Sandiyo Christan WPScan