Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2023/05/08 1:58 p.m.14 views

CVE-2023-2114 NEX-Forms < 8.4 - Admin+ SQL Injection

The NEX-Forms WordPress plugin before 8.4 does not properly escape the table parameter, which is populated with user input, before concatenating it to an SQL query...

7.3AI score0.44629EPSS
Exploits3References2
CVE
CVE
added 2023/05/08 1:58 p.m.80 views

CVE-2023-2114

CVE-2023-2114 concerns the NEX-Forms WordPress plugin (pre-8.4) where the table parameter (populated with user input) is not properly escaped before being concatenated into an SQL query. Root cause: lack of input sanitization for the table parameter in the form-save workflow, enabling SQL Injecti...

7.2CVSS7.3AI score0.44629EPSS
Exploits3References2Affected Software1
Cvelist
Cvelist
added 2023/05/08 1:58 p.m.30 views

CVE-2023-2114 NEX-Forms < 8.4 - Admin+ SQL Injection

The NEX-Forms WordPress plugin before 8.4 does not properly escape the table parameter, which is populated with user input, before concatenating it to an SQL query...

7.4AI score0.44629EPSS
Exploits3References2
Patchstack
Patchstack
added 2023/04/25 12:0 a.m.18 views

WordPress NEX-Forms – Ultimate Form Builder Plugin < 8.4 is vulnerable to SQL Injection

Software NEX-Forms – Ultimate Form Builder Type Plugin Vulnerable versions 8.4 Fixed in 8.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-2114 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 633a726244b6 Credits Alexander Schmid Required privilege...

7.2CVSS7.2AI score0.44629EPSS
Exploits3References3Affected Software1
Rows per page
Query Builder