We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2023-52120

WordPress NEX-Forms – Ultimate Form Builder Plugin <= 8.5.2 is vulnerable to Cross Site Request Forgery (CSRF)



AssignerPatchstack
Reserved2023-12-28
Published2024-01-05
Updated2024-09-04

Description

Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more.This issue affects NEX-Forms – Ultimate Form Builder – Contact forms and much more: from n/a through 8.5.2.



MEDIUM: 5.4CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Problem types

CWE-352 Cross-Site Request Forgery (CSRF)

Product status

Default status
0x40021c4630

Any version
affected

Credits

Brandon Roldan (Patchstack Alliance) 0x40021c4690

References

https://patchstack.com/database/vulnerability/nex-forms-express-wp-form-builder/wordpress-nex-forms-plugin-8-5-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve vdb-entry

cve.org CVE-2023-52120

nvd.nist.gov CVE-2023-52120

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2023-52120
Subscribe to our newsletter to learn more about our work.