MEDIUM
webaways
CVE published 2026-06-27
CVE-2026-12404
The NEX-Forms – Ultimate Forms Plugin for WordPress plugin, up to and including version 9.2.2, is vulnerable to authorization bypass. This vulnerability allows unauthenticated attackers to enumerate sequential report IDs and download complete form submission data, including sensitive information such as names, email addresses, phone numbers, postal addresses, payment details, and uploaded file paths, for [truncated]