Vulnerabilities

CVE-2025-15510 - NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.8 - missing authorization...

2026-01-31 0 views admin

CVE ID : CVE-2025-15510 Published : Jan. 31, 2026, 2:16 a.m. | 14 minutes ago Description : The NEX-Forms – Ultimate Forms Plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the NF5_Export_Forms class constructor in all versions up to, and including, 9.1.8. This makes it possible for unauthenticated attackers to export form configurations, that may include sensitive data, such as email addresses, PayPal API credentials, and third-party integration keys by enumerating the nex_forms_Id parameter. Severity: 5.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2025-15510

Severity

MEDIUM

Published

Jan. 31, 2026

Affected Product: WordPress

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2025-15510mediumwordpress

CVE-2025-15510 - NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.8 - missing authorization...

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2025-15525 - Ajax Load More – Infinite Scroll, Lazy Load & Load More <= 7.8.1 - incorrect aut...

CVE-2026-1431 - Booking Calendar <= 10.14.13 - missing authorization to unauthenticated booking d...

CVE-2026-0683 - SupportCandy – Helpdesk & Customer Support Ticket System <= 3.4.4 - authenticated...

CVE-2020-37031 - Simple Startup Manager 1.17 - 'File' Local Buffer Overflow

Trending

Tech: Go-legacy-winxp: Compile Golang 1.24 code for Windows XP

Tech: Data is the only moat

Tech: Pocket TTS: A high quality TTS that gives your CPU a voice

Tech: AWS European Sovereign Cloud

Tech: JuiceFS is a distributed POSIX file system built on top of Redis and S3