N/A
2026-05-14< 9.1.13
NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.12 - Authenticated (Administrator+) SQL Injection via 'table' Parameter
NEX-Forms – Ultimate Forms Plugin for WordPress
Minimum safe version
9.1.13
Update to 9.1.13 or later to address 38 fixable vulnerabilities
Latest available9.1.13 ✓
High 7.2
2026-05-03< 9.1.12
CVE-2026-5063
N/A
2026-03-13< 9.1.10
NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.9 - Missing Authorization to Authenticated (Subscriber+) License Deactivation via deactivate_license
N/A
2026-03-14< 9.1.10
NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.9 - Missing Authorization to Unauthenticated Arbitrary Form Entry Modification via nf_set_entry_update_id
High 7.1
2026-02-20< 9.1.8
CVE-2025-69326
High 7.1
2026-02-20< 9.1.8
CVE-2025-69324
Medium 5.3
2026-01-31< 9.1.9
CVE-2025-15510
Medium 6.8
2026-01-09< 9.1.8
CVE-2025-14803
Medium 4.9
2025-10-11< 9.1.7
CVE-2025-10185
High 8.8
2025-08-20< 9.1.4
CVE-2025-49399
Medium 6.4
2025-05-08< 8.9.2
NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.9.1 - Authenticated (Custom) Stored Cross-Site Scripting
Medium 6.3
2025-05-08< 8.9.2
NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.9.1 - Authenticated (Custom) Limited Code Execution via get_table_records Function
Medium 5.3
2025-03-12< 8.8.2
CVE-2024-13498
Medium 4.9
2024-12-25< 8.7.16
CVE-2024-10862
High 8.5
2024-12-06< 8.7.9
CVE-2024-53808
High 7.1
2024-10-05< 8.7.4
CVE-2024-47389
Medium 5.4
2024-07-21< 8.6.1
CVE-2024-37512
Medium 6.5
2024-03-15< 8.5.6
CVE-2024-25593
Medium 4.3
2024-02-01< 8.5.7
CVE-2024-1129
Medium 4.3
2024-02-01< 8.5.7
CVE-2024-1130
N/A
< 8.5.7
WordPress NEX-Forms – Ultimate Form Builder Plugin <= 8.5.6 is vulnerable to Broken Access Control
N/A
2024-01-31< 8.5.7
NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.5.6 - Missing Authorization via set_read()
N/A
2024-01-31< 8.5.7
NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.5.6 - Missing Authorization via set_starred()
Medium 4.3
2024-02-01< 8.5.7
CVE-2024-0907
Medium 5.4
2024-12-28< 8.5.5
WordPress NEX-Forms – Ultimate Form Builder Plugin <= 8.5.2 is vulnerable to Cross Site Request Forgery (CSRF)
High 7.6
2024-12-21< 8.5.6
WordPress NEX-Forms – Ultimate Form Builder Plugin <= 8.5.5 is vulnerable to SQL Injection
N/A
< 3.1
NEX-Forms - Ultimate Form builder <= 3.0 - SQL Injection
Medium 5.4
2023-07-17< 8.4.4
CVE-2023-0439
High 7.2
2023-05-08< 8.4
CVE-2023-2114
Medium 5.4
2023-03-28< 8.3.3
WordPress NEX-Forms – Ultimate Form Builder Plugin < 8.3.3 is vulnerable to Cross Site Scripting (XSS)
N/A
2015-04-21< 3.4
NEX-Forms – Ultimate Form Builder – Contact forms and much more < 3.4 - SQL Injection
High 7.5
2021-07-19< 7.8.8
CVE-2021-34676
High 8.8
2022-09-19< 7.9.7
CVE-2022-3142
N/A
2015-04-21< 3.0
WordPress NEX-Forms <= 2.9 - SQL Injection
N/A
2015-07-16< 4.6.1
WordPress NEX-Forms Plugin <= 4.0 - Blind SQL Injection
Medium 6.1
2016-01-08< 2.1.1
CVE-2014-7151
Critical 9.8
2019-10-07< 4.6.1
CVE-2015-9452
Medium 4.8
2021-12-13< 8.4.3
CVE-2021-24705