CVE-2026-12142 | webaways NEX-Forms Plugin up to 9.2.2 on WordPress wp_kses _name[] cross site scripting
A vulnerability was found in webaways NEX-Forms Plugin up to 9.2.2 on WordPress. It has been rated as problematic. This affects the function wp_kses. This manipulation of the argument _name[] causes cross site scripting.
This vulnerability is tracked as CVE-2026-12142. The attack is possible to be carried out remotely. No exploit exists.
Upgrading the affected component is advised.VulDB Recent EntriesRead More