Product

NEX-Forms – Ultimate Forms Plugin for WordPress Plugin <= 9.1.11

1 brief RSS

NEX-Forms WordPress Plugin Vulnerable to Stored Cross-Site Scripting (CVE-2026-5063)

The NEX-Forms WordPress plugin is vulnerable to stored XSS via POST parameter key names, allowing unauthenticated attackers to inject arbitrary web scripts.

NEX-Forms – Ultimate Forms Plugin for WordPress plugin <= 9.1.11 wordpress xss stored-xss cve-2026-5063

2r 1t 1c 1d ago