CVSS Score of 10 (low)


Published Jul 17, 2023
Updated: Nov 7, 2023


CVE-2023-0439 is a vulnerability affecting the NEX-Forms WordPress plugin before version 8.4.4. This vulnerability allows for Stored Cross-Site Scripting (XSS) attacks due to the plugin's failure to escape its form name. The affected products include various versions of qqrA, r1Kwgs, and nlH3Y. By default, only SuperAdmins or admins can create forms, but there is a setting that allows lower roles to access this feature. The potential danger posed by this vulnerability includes the execution of malicious scripts on the affected WordPress sites, leading to possible data theft or manipulation. To remediate this vulnerability, users are advised to update the NEX-Forms plugin to version 8.4.4 or later.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-0439 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options