CyberSec.Space Logo
Back to CVE Browser

CVE-2014-7151

MEDIUM
6.1
CVSS Severity Score
EPSS Score0.1600%
EPSS Percentile27.70th
PublishedJan 8, 2016
Last ModifiedMay 6, 2026

Vulnerability Description

Multiple cross-site scripting (XSS) vulnerabilities in the NEX-Forms Lite plugin 2.1.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the form_fields parameter in a (1) do_edit or (2) do_insert action to wp-admin/admin-ajax.php.

Affected Platforms (CPE)

πŸ“¦
Nex Forms Lite Project

Nex Forms Lite

= 2.1.0

References & Advisories

πŸ”— https://research.g0blin.co.uk/cve-2014-7151/
πŸ”— https://wpvulndb.com/vulnerabilities/8237
πŸ”— https://research.g0blin.co.uk/cve-2014-7151/
πŸ”— https://wpvulndb.com/vulnerabilities/8237

Related Vulnerabilities

CVE-2014-052410.0

Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allow attackers to execute arbitrary code...

CVE-2014-052810.0

Double free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allows attac...

CVE-2014-049810.0

Stack-based buffer overflow in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Ma...

CVE-2014-052510.0

The API in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X does not prevent access to unm...