CVE-2023-52120 — Cross-Site Request Forgery in Nex-forms Ultimate Form Builder Contact Forms AND Much More

CWE-352 — Cross-Site Request Forgery3 documents3 sources

Severity

8.8HIGHNVD

CNA5.4

EPSS

0.0%

top 86.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Basix Nex-forms Ultimate Form Builder Contact Forms AND Much More Basixonline Nex-forms

Timeline

PublishedJan 5

Description

Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more.This issue affects NEX-Forms – Ultimate Form Builder – Contact forms and much more: from n/a through 8.5.2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5basix/nex-forms_ultimate_form_builder_contact_forms_and_much_moren/a — 8.5.2

▶NVDbasixonline/nex-forms8.5.2

🔴Vulnerability Details

CVEList

WordPress NEX-Forms – Ultimate Form Builder Plugin <= 8.5.2 is vulnerable to Cross Site Request Forgery (CSRF)↗2024-01-05

▶

GHSA

GHSA-j534-cwfj-5vqc: Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more↗2024-01-05

▶