CVE-2022-3142

Published: 19/09/2022 Updated: 07/11/2023

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 0

The NEX-Forms WordPress plugin prior to 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is permitted to view the forms statistics chart, by default administrators, however can be configured otherwise via the plugin settings.

Vulnerable Product	Search on Vulmon	Subscribe to Product
basixonline nex-forms

TCC Container engine (comunicação): Identificar uma maneira de coletar informações de uma aplicação que esteja rodando dentro do ambiente de container Seguindo a segunda e terceira proposta do artigo ISCC2021 (a ideia é ficar dentro do ambiente do container) Plugin que permite coletar informações/interaç&ot

Authenticatd SQL injection vulnerability in the "NEX Forms" Wordpress plugin

nex-forms-exploit Authenticatd SQL injection vulnerability in the "NEX Forms" Wordpress plugin mediumcom/@eliashohl/authenticated-sql-injection-vulnerability-in-nex-forms-wordpress-plugin-35b8558dd0f5 This vulnerability has been assigned CVE-2022-3142 nvdnistgov/vuln/detail/CVE-2022-3142 Start a new Wordpress instance using docker-compose Ins

CWE-89 https://wpscan.com/vulnerability/8acc0fc6-efe6-4662-b9ac-6342a7823328 http://packetstormsecurity.com/files/171477/WordPress-NEX-Forms-SQL-Injection.html https://medium.com/%40elias.hohl/authenticated-sql-injection-vulnerability-in-nex-forms-wordpress-plugin-35b8558dd0f5 https://nvd.nist.gov https://github.com/Carmofrasao/TCC https://github.com/ehtec/nex-forms-exploit

CVE-2022-3142

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect