4 matches found
CVE-2023-2114 NEX-Forms < 8.4 - Admin+ SQL Injection
The NEX-Forms WordPress plugin before 8.4 does not properly escape the table parameter, which is populated with user input, before concatenating it to an SQL query...
CVE-2023-2114
CVE-2023-2114 concerns the NEX-Forms WordPress plugin (pre-8.4) where the table parameter (populated with user input) is not properly escaped before being concatenated into an SQL query. Root cause: lack of input sanitization for the table parameter in the form-save workflow, enabling SQL Injecti...
CVE-2023-2114 NEX-Forms < 8.4 - Admin+ SQL Injection
The NEX-Forms WordPress plugin before 8.4 does not properly escape the table parameter, which is populated with user input, before concatenating it to an SQL query...
WordPress NEX-Forms – Ultimate Form Builder Plugin < 8.4 is vulnerable to SQL Injection
Software NEX-Forms – Ultimate Form Builder Type Plugin Vulnerable versions 8.4 Fixed in 8.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-2114 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 633a726244b6 Credits Alexander Schmid Required privilege...