Primary

Context

NEX-Forms WordPress Plugin Sensitive Information Exposure Vulnerability

Vulnerability

Patched

A vulnerability allowing sensitive information exposure exists in the NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress, affecting all versions through 8.8.1. The issue arises from inadequate directory listing prevention and the absence of file name randomization, enabling unauthenticated attackers to access sensitive data, including files uploaded through forms.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information, including files uploaded via forms, potentially exposing personal data or other confidential information.

Remediation

Users are advised to update the NEX-Forms WordPress plugin to version 8.8.2 or a newer patched version.

Added: Sep 1, 2025, 7:22 PM

Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

2.5

exploitability

8.2

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

2.5

exploitability

8.2

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

NEX-Forms WordPress Plugin Sensitive Information Exposure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

NEX-Forms Ultimate Form Builder

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating