CVE-2023-0272
📋 TL;DR
This vulnerability in the NEX-Forms WordPress plugin allows authenticated users with contributor role or higher to inject malicious scripts via shortcode attributes. The scripts are stored and executed when other users view affected pages/posts, enabling stored cross-site scripting attacks. WordPress sites using vulnerable versions of NEX-Forms are affected.
💻 Affected Systems
- NEX-Forms WordPress Plugin
📦 What is this software?
Nex Forms by Basixonline
⚠️ Risk & Real-World Impact
Worst Case
Attackers with contributor access could steal administrator credentials, deface websites, redirect users to malicious sites, or perform actions as authenticated users, potentially leading to complete site compromise.
Likely Case
Malicious contributors inject scripts that steal session cookies or display unwanted content to visitors, potentially leading to account takeover or reputation damage.
If Mitigated
With proper role-based access controls and input validation, impact is limited to low-privilege user actions and contained within the affected plugin's scope.
🎯 Exploit Status
Exploitation requires contributor-level access or higher. The vulnerability is publicly documented with technical details available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 8.3.3
Vendor Advisory: https://wpscan.com/vulnerability/047b50c0-0eb3-4371-9e5d-3778fdafc66b
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find NEX-Forms and click 'Update Now'.
4. Verify that the version shows 8.3.3 or higher.
🔧 Temporary Workarounds
Disable NEX-Forms Plugin
Temporarily disable the vulnerable plugin until patching is possible
wp plugin deactivate nex-forms
Restrict Contributor Role Access
Temporarily remove contributor role permissions or downgrade users to subscriber role
wp user update <user_id> --role=subscriber
🧯 If You Can't Patch
- Implement strict input validation and output escaping for all shortcode attributes
- Apply web application firewall rules to block XSS payloads in POST/PUT requests
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Installed Plugins, find NEX-Forms and verify version is below 8.3.3
Check Version:
wp plugin get nex-forms --field=version
Verify Fix Applied:
After updating, confirm NEX-Forms version shows 8.3.3 or higher in WordPress plugins list
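One way to script the version check above, as an added example that is not part of the advisory or of the plugin: the function compares a version string (for instance the output of `wp plugin get nex-forms --field=version`) against the patched release 8.3.3 and reports whether the install is still vulnerable. It assumes plain dotted numeric versions with no prefix or suffix.

```shell
#!/bin/sh
# Added example: offline comparison of an installed NEX-Forms version string
# against the patched version 8.3.3 named in this advisory.
PATCHED_VERSION="8.3.3"

# version_lt A B: return 0 if dotted version A is numerically lower than B.
# Up to three components are compared; a missing component counts as 0.
# Assumes plain numeric versions such as 8.3.2 (no "v" prefix, no "-beta").
version_lt() {
    lhs="$1"; rhs="$2"
    i=1
    while [ "$i" -le 3 ]; do
        l=$(printf '%s' "$lhs" | cut -d. -f"$i")
        r=$(printf '%s' "$rhs" | cut -d. -f"$i")
        l=${l:-0}; r=${r:-0}
        if [ "$l" -lt "$r" ]; then return 0; fi
        if [ "$l" -gt "$r" ]; then return 1; fi
        i=$((i + 1))
    done
    return 1
}

# nex_forms_status VERSION: print "vulnerable" if VERSION is below 8.3.3,
# otherwise "patched".
nex_forms_status() {
    if version_lt "$1" "$PATCHED_VERSION"; then
        echo vulnerable
    else
        echo patched
    fi
}

# Optional live check on a host where wp-cli is installed:
#   sh check-nex-forms.sh --live
if [ "${1:-}" = "--live" ] && command -v wp >/dev/null 2>&1; then
    nex_forms_status "$(wp plugin get nex-forms --field=version)"
fi
```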
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to wp-admin containing script tags in parameters
- Multiple failed login attempts followed by successful contributor login
Network Indicators:
- HTTP requests with suspicious script payloads in POST data to WordPress endpoints
SIEM Query:
source="wordpress.log" AND ("script" OR "javascript:" OR "onerror=" OR "onload=") AND "POST" AND "/wp-admin/"