CVE-2026-1947 | webaways NEX-Forms Plugin up to 9.1.9 on WordPress submit_nex_form nf_set_entry_update_id authorization

A vulnerability identified as critical has been detected in webaways NEX-Forms Plugin up to 9.1.9 on WordPress. This vulnerability affects the function submit_nex_form. The manipulation of the argument nf_set_entry_update_id leads to authorization bypass.

This vulnerability is documented as CVE-2026-1947. The attack can be initiated remotely. There is not any exploit available.