WordPress Plugin Vulnerabilities

NEX-Forms Lite <= 2.1.0 - Stored Cross-Site Scripting (XSS)

Description

The x-forms-express WordPress plugin was affected by a Stored Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
x-forms-express
No known fix

References

CVE
CVE-2014-7151
URL
https://g0blin.co.uk/cve-2014-7151/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
b231eed5-164d-4d95-a3c2-0c656d4b30c3

Timeline

Publicly Published
2014-10-21 (about 11 years ago)
Added
2015-11-13 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2023-12-11
Title
Popup Builder < 4.2.3 - Unauthenticated Stored XSS
Published
2014-08-01
Title
MobileChief - jQuery Validation Cross-Site Scripting
Published
2024-12-11
Title
Simple Payment < 2.3.8 - Reflected Cross-Site Scripting
Published
2025-04-04
Title
FooBox Image Lightbox < 2.7.34 - Authenticated (Author+) Stored Cross-Site Scripting
Published
2024-02-27
Title
CodeMirror Blocks < 2.0.0 - Contributor+ Stored XSS