What the vulnerability does
01Description
Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Cross Site Request Forgery.This issue affects NEX-Forms: from n/a through <= 9.1.3.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
What the vulnerability does
Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Cross Site Request Forgery.This issue affects NEX-Forms: from n/a through <= 9.1.3.
Explanation of Vulnerability in Simple Terms
NEX-Forms versions 9.1.3 and earlier are vulnerable to cross-site request forgery (CSRF) attacks. An attacker can craft a malicious webpage that, when visited by a logged-in site administrator, performs unauthorized actions on the form builder without the admin's knowledge. This can lead to unauthorized form modifications, data theft, or malicious form submissions.
What an attacker can do
Perform unauthorized actions on NEX-Forms by tricking a logged-in admin into visiting a malicious webpage.
Potential impact on your site
Attackers can modify forms, steal submissions, or inject malicious code into your forms without your consent.
Conditions required to exploit
A site admin must be logged in and visit an attacker-controlled webpage while the admin session is active.
Key dates
External resources