CVE-2017-20244

Wow Forms WordPress Plugin version 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to read arbitrary database information by exploiting an unescaped POST parameter. Attackers can inject SQL code through the 'mwpformid' parameter in requests to the admin-ajax.php...

CVE-2017-20244

CVE-2017-20244 affects Wow Forms WordPress Plugin version 2.1. The vulnerability is an SQL injection in admin-ajax.php handling the send_mwp_form action, exploitable via an unescaped POST parameter mwpformid, allowing unauthenticated attackers to read arbitrary database information. Reported CVSS...

EUVD-2017-18970

Wow Forms WordPress Plugin version 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to read arbitrary database information by exploiting an unescaped POST parameter. Attackers can inject SQL code through the 'mwpformid' parameter in requests to the admin-ajax.php...

CVE-2017-20244 Wow Forms WordPress Plugin 2.1 SQL Injection

Wow Forms WordPress Plugin version 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to read arbitrary database information by exploiting an unescaped POST parameter. Attackers can inject SQL code through the 'mwpformid' parameter in requests to the admin-ajax.php...

WordPress plugin Wow Forms SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-47767

Wow Forms WordPress Plugin version 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to read arbitrary database information by exploiting an unescaped POST parameter. Attackers can inject SQL code through the 'mwpformid' parameter in requests to the admin-ajax.php...

EUVD-2021-11540

Malware in sbrugna...

CVE-2021-24628

The Wow Forms WordPress plugin through 3.1.3 does not sanitise or escape a 'did' GET parameter before using it in a SQL statement, when deleting a form in the admin dashboard, leading to an authenticated SQL injection...

WordPress Wow Forms plugin SQL injection vulnerability (CNVD-2021-99632)

WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in the WordPress Wow Forms plugin in version 3.1.3 and earlier, which stems fr...

CVE-2021-24628

The Wow Forms WordPress plugin through 3.1.3 does not sanitise or escape a 'did' GET parameter before using it in a SQL statement, when deleting a form in the admin dashboard, leading to an authenticated SQL injection...

CVE-2021-24628

The CVE concerns WordPress Wow Forms plugin

WordPress SQL注入漏洞

WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in the WordPress Wow Forms plugin in version 3.1.3 and earlier, which stems fr...

Wow Forms <= 3.1.3 - Admin+ SQL Injection

The plugin does not sanitise or escape a 'did' GET parameter before using it in a SQL statement, when deleting a form in the admin dashboard, leading to an authenticated SQL injection https://plugins.trac.wordpress.org/browser/mwp-forms/trunk/admin/partials/main.phpL13 As admin,...

Wow Forms <= 3.1.3 - Admin+ SQL Injection

The plugin does not sanitise or escape a 'did' GET parameter before using it in a SQL statement, when deleting a form in the admin dashboard, leading to an authenticated SQL injection PoC https://plugins.trac.wordpress.org/browser/mwp-forms/trunk/admin/partials/main.phpL13 As admin,...

WordPress Wow Forms plugin <= 3.1.3 - SQL Injection (SQLi) vulnerability

SQL Injection SQLi vulnerability discovered by Shreya Pohekar Codevigilant Project in WordPress Wow Forms plugin versions = 3.1.3. Solution Deactivate and delete. This plugin has been closed as of June 18, 2021 and is not available for download. Reason: Security Issue...

WordPress Wow Forms Plugin SQL Injection Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress Wow Forms plugin, which can be exploited by attackers to access or modi...

WordPress Wow Forms 2.1 Plugin - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Wow Forms v2.1 WordPress Plugin SQL Injection Date: 29/03/2017 Exploit Author: TAD GROUP Vendor Homepage: http://wow-company.com/ Software Link: https://wordpress.org/plugins/mwp-forms/ Version: 2.1 Contact: email protected...

WordPress Plugin Wow Forms 2.1 - SQL Injection

WordPress Plugin Wow Forms 2.1 - SQL Injection Exploit Title: Wow Forms v2.1 WordPress Plugin SQL Injection Date: 29/03/2017 Exploit Author: TAD GROUP Vendor Homepage: http://wow-company.com/ Software Link: https://wordpress.org/plugins/mwp-forms/ Version: 2.1 Contact: infoattad.group Website:...

WordPress Wow Forms plugin <= 2.1 - SQL Injection

The POST parameter wowformid is vulnerable to SQL injection. This parameter is not escaped properly. Solution Update the plugin...

WordPress Plugin Wow Forms 2.1 - SQL Injection

Exploit Title: Wow Forms v2.1 WordPress Plugin SQL Injection Date: 29/03/2017 Exploit Author: TAD GROUP Vendor Homepage: http://wow-company.com/ Software Link: https://wordpress.org/plugins/mwp-forms/ Version: 2.1 Contact: infoattad.group Website: https://tad.group Category: Web Application...