Published: 08/05/2023 Updated: 07/11/2023

CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2

VMScore: 0

The NEX-Forms WordPress plugin prior to 8.4 does not properly escape the `table` parameter, which is populated with user input, before concatenating it to an SQL query.

Vulnerable Product	Search on Vulmon	Subscribe to Product
basixonline nex-forms

Quick Review about the SQL-Injection in the NEX-Forms Plugin for WordPress

nex-forms_SQL-Injection CVE-2023-2114 cvemitreorg/cgi-bin/cvenamecgi?name=CVE-2023-2114 wpscancom/vulnerability/3d8ab3a5-1bf8-4216-91fa-e89541e5c43d Quick Review about the SQL-Injection in the NEX-Forms Plugin for WordPress Uploaded exploit Note that this uploaded exploit code isnt for this particular vulnerability But this is an example how you could mak

Quick Review about the SQL-Injection in the NEX-Forms Plugin for WordPress

nex-forms_SQL-Injection CVE-2023-2114 cvemitreorg/cgi-bin/cvenamecgi?name=CVE-2023-2114 wpscancom/vulnerability/3d8ab3a5-1bf8-4216-91fa-e89541e5c43d Quick Review about the SQL-Injection in the NEX-Forms Plugin for WordPress Uploaded exploit Note that this uploaded exploit code isnt for this particular vulnerability But this is an example how you could mak

https://wpscan.com/vulnerability/3d8ab3a5-1bf8-4216-91fa-e89541e5c43d https://github.com/SchmidAlex/nex-forms_SQL-Injection https://nvd.nist.gov https://github.com/SchmidAlex/nex-forms_SQL-Injection-CVE-2023-2114

CVE-2023-2114

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect