CVE-2025-49399 — Cross-Site Request Forgery in Nex-forms

CWE-352 — Cross-Site Request Forgery3 documents3 sources

Severity

—N/A

No vector

EPSS

0.0%

top 98.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Basix Nex-forms

Timeline

PublishedAug 20

Description

Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Cross Site Request Forgery.This issue affects NEX-Forms: from n/a through <= 9.1.3.

Affected Packages1 packages

▶CVEListV5basix/nex-forms9.1.3

🔴Vulnerability Details

GHSA

GHSA-h86p-h6mg-qw33: Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms allows Cross Site Request Forgery↗2025-08-20

▶

CVEList

WordPress NEX-Forms Plugin <= 9.1.3 - Cross Site Request Forgery (CSRF) Vulnerability↗2025-08-20

▶