How severe is CVE-2025-14803?

CVE-2025-14803 has a CVSS v3 score of 6.8 (MEDIUM).

CVE-2025-14803

6.8MEDIUM

The NEX-Forms WordPress plugin before 9.1.8 does not sanitise and escape some of its settings. The NEX-Forms WordPress plugin before 9.1.8 can be configured in such a way that could allow subscriber

Veröffentlicht: 1/9/2026Aktualisiert: 1/13/2026

Beschreibung

The NEX-Forms WordPress plugin before 9.1.8 does not sanitise and escape some of its settings. The NEX-Forms WordPress plugin before 9.1.8 can be configured in such a way that could allow subscribers to perform Stored Cross-Site Scripting.

KI-AnalyseKI-gestützt

Referenzen

https://wpscan.com/vulnerability/219af0e7-3d8b-4405-8005-b8969a370b0b/