PT-2026-25529 · Webaways · Nex-Forms – Ultimate Forms Plugin For Wordpress

Youssef Elouaer

Publicado

2026-03-15

Atualizado

2026-03-17

CVE-2026-1947

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions NEX-Forms – Ultimate Forms Plugin for WordPress versions through 9.1.9

Description The NEX-Forms – Ultimate Forms Plugin for WordPress is susceptible to an Insecure Direct Object Reference issue. This is due to a lack of validation on a user-controlled key within the submit nex form() function. This allows unauthenticated attackers to overwrite arbitrary form entries by manipulating the nf set entry update id parameter.

Recommendations Update NEX-Forms – Ultimate Forms Plugin for WordPress to a version later than 9.1.9.

Correção

IDOR

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-639

Identificadores relacionados

CVE-2026-1947

Produtos afetados

Nex-Forms – Ultimate Forms Plugin For Wordpress

PT-2026-25529 · Webaways · Nex-Forms – Ultimate Forms Plugin For Wordpress

CVE-2026-1947

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5