Описание
The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is permitted to view the forms statistics chart, by default administrators, however can be configured otherwise via the plugin settings.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 7.9.7 (исключая)
cpe:2.3:a:basixonline:nex-forms:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 93%
0.10415
Средний
8.8 High
CVSS3
Дефекты
CWE-89
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is permitted to view the forms statistics chart, by default administrators, however can be configured otherwise via the plugin settings.
EPSS
Процентиль: 93%
0.10415
Средний
8.8 High
CVSS3
Дефекты
CWE-89