Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total2
Critical0
High1
Medium1
Reset
Showing 1-2 of 2 records
Threat Entry Updated 2026-03-16

CVE-2026-1947 - NEX-Forms – Ultimate Forms Plugin for WordPress

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 9.1.9 via the submit_nex_form() function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to to overwrite arbitrary form entries via the 'nf_set_entry_update_id' parameter.

PLUGIN NEX-Forms – Ultimate Forms Plugin for WordPress

CVE-2026-1947

HIGH CVSS 7.5 2026-03-16
Open Full Technical Breakdown
Threat Entry Updated 2026-03-16

CVE-2026-1948 - NEX-Forms – Ultimate Forms Plugin for WordPress

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivate_license() function in all versions up to, and including, 9.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to to deactivate the plugin license.

PLUGIN NEX-Forms – Ultimate Forms Plugin for WordPress

CVE-2026-1948

MEDIUM CVSS 4.3 2026-03-16
Open Full Technical Breakdown
Scroll to top