Source: National Vulnerability Database

The NEX-Forms WordPress plugin through 7.9.4 does not escape some of its settings and form fields before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability

127 hits since 2021-12-15

PHP Vulns Source Ratio: 14% (5318 total, 383 propagated, 2659 filtered)