Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
•added 2025/05/23 1:19 a.m.•12 views

CVE-2022-3142

The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is permitted to view the forms statistics chart, by default administrators, however can be configured...

8.8CVSS7AI score0.10375EPSS
Exploits5References1
0day.today
0day.today
•added 2023/03/27 12:0 a.m.•265 views

WordPress NEX-Forms plugin < 7.9.7 - Authenticated SQL injection Vulnerability

Exploit Title: NEX-Forms WordPress plugin =3D 5.0.12 AND time-based blind query SLEEP Payload: page=3Dnex-forms-dashboard&formid=3D1 AND SELECT 4715 FROM SELECTSLEEP5nPUi...

8.8CVSS8.8AI score0.10375EPSS
Exploits5
Packet Storm
Packet Storm
•added 2023/03/27 12:0 a.m.•283 views

WordPress NEX-Forms SQL Injection

Exploit Title: NEX-Forms WordPress plugin =3D 5.0.12 AND time-based blind query SLEEP Payload: page=3Dnex-forms-dashboard&formid=3D1 AND SELECT 4715 FROM SELECTSLEEP5nPUi...

8.8CVSS8.8AI score0.10375EPSS
Exploits5
Exploit DB
Exploit DB
•added 2023/03/25 12:0 a.m.•215 views

NEX-Forms WordPress plugin &lt; 7.9.7 - Authenticated SQLi

Exploit Title: NEX-Forms WordPress plugin =5.0.12 AND time-based blind query SLEEP Payload: page=nex-forms-dashboard&formid=1 AND SELECT 4715 FROM SELECTSLEEP5nPUi...

8.8CVSS8.8AI score0.10375EPSS
Exploits5
Circl
Circl
•added 2022/09/19 6:38 p.m.•31 views

CVE-2022-3142

creationtimestamp| type| source ---|---|--- 2022-09-19 18:38:07+00:00| seen| https://t.me/cibsecurity/50038 2023-03-25 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/51042...

8.8CVSS8AI score0.10375EPSS
Exploits5References2
Cvelist
Cvelist
•added 2022/09/19 12:0 a.m.•45 views

CVE-2022-3142 NEX-Forms < 7.9.7 - Authenticated SQLi

The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is permitted to view the forms statistics chart, by default administrators, however can be configured...

9AI score0.10375EPSS
Exploits5References3
CVE
CVE
•added 2022/09/19 12:0 a.m.•96 views

CVE-2022-3142

Affected software: NEX-Forms WordPress plugin, versions before 7.9.7. Vulnerability: SQL injection due to improper sanitisation/escaping of user input used in SQL statements. Exploitation requires permissions to view the forms statistics chart (by default administrators), with potential to be con...

8.8CVSS8.7AI score0.10375EPSS
Exploits5References3Affected Software1
Rows per page
Query Builder