Description
WordPress Plugin NEX-Forms-The Ultimate WordPress Form Builder is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently access PDF and Excel reports. WordPress Plugin NEX-Forms-The Ultimate WordPress Form Builder version 7.8.7 is vulnerable; prior versions are also affected.
Remediation
Update to plugin version 7.8.8 or latest
References
https://www.pentestfactory.de/en/vulnerabilities-in-nex-forms-7-8-8/
https://github.com/rauschecker/CVEs/tree/main/CVE-2021-34675
https://github.com/rauschecker/CVEs/tree/main/CVE-2021-34676
Related Vulnerabilities
WordPress Plugin Cherry Multiple Vulnerabilities (1.2.6)
Python CVE-2019-9636 Vulnerability (CVE-2019-9636)
Internet Information Services Unchecked Return Value Vulnerability (CVE-2005-4360)
WordPress Plugin Simple Photo Gallery SQL Injection (1.7.9)
WordPress Plugin Facebook With Login Multiple Vulnerabilities (1.0)