CVE-2021-24705

Name of the Vulnerable Software and Affected Versions NEX-Forms WordPress plugin versions prior to 8.4.3

Description The issue concerns the lack of CSRF checks when editing a form and the failure to escape some settings and form fields before outputting them in attributes. This could allow attackers to make a logged-in admin edit arbitrary forms with Cross-Site Scripting payloads in them, potentially enabling high-privilege users to perform Cross-Site Scripting attacks.

Recommendations For versions prior to 8.4.3, update to version 8.4.3 or later to resolve the issue. As a temporary workaround, consider restricting access to form editing capabilities to minimize the risk of exploitation. Avoid using the plugin's form editing feature until the issue is resolved.