CVE-2025-69324
Stored XSS in Basix NEX-Forms Allows Persistent Script Injection
Publication date: 2026-02-20
Last updated on: 2026-02-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| basix | nex-forms | to 9.1.7 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-69324 is a medium severity Cross Site Scripting (XSS) vulnerability affecting the WordPress NEX-Forms Plugin versions up to and including 9.1.7.
This vulnerability allows an attacker to inject malicious scriptsβsuch as redirects, advertisements, or other HTML payloadsβinto a website, which execute when visitors access the compromised site.
Exploitation requires user interaction, specifically a privileged user must perform an action like clicking a malicious link, visiting a crafted page, or submitting a form.
The vulnerability falls under the OWASP Top 10 category A3: Injection.
How can this vulnerability impact me? :
[{'type': 'paragraph', 'content': 'An attacker exploiting this vulnerability can inject malicious scripts into your website, which can execute when visitors access the site.'}, {'type': 'list_item', 'content': 'These scripts could redirect users to malicious sites.'}, {'type': 'list_item', 'content': 'They could display unwanted advertisements.'}, {'type': 'list_item', 'content': 'They could execute other harmful HTML payloads.'}, {'type': 'paragraph', 'content': "Such actions can compromise the security and trustworthiness of your website, potentially leading to data theft, user session hijacking, or damage to your site's reputation."}] [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves Stored Cross-Site Scripting (XSS) in the NEX-Forms Plugin up to version 9.1.7, where malicious scripts can be injected and executed when users visit compromised pages.
Detection typically involves monitoring for unusual or unexpected script injections in web forms or stored content generated by the plugin.
Specific commands or automated detection tools are not provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
The primary immediate mitigation step is to update the NEX-Forms Plugin to version 9.1.8 or later, where the vulnerability is resolved.
Until the update can be applied, users can implement mitigation rules provided by Patchstack to block attacks targeting this vulnerability.
Additionally, enabling automatic mitigation and auto-update features offered by Patchstack can enhance protection against exploitation.