Source: National Vulnerability Database

The NEX-Forms WordPress plugin through 7.9.4 does not escape some of its settings and form fields before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24705

127 hits since 2021-12-15

PHP Vulns Source Ratio: 14% (5318 total, 383 propagated, 2659 filtered)