CVE-2023-2114

Published May 8th, 2023

View on NVD ↗

CVSS v3

7.2

HIGH

CVSS v2

N/A

Affected

PROJECT

Description

The NEX-Forms WordPress plugin before 8.4 does not properly escape the `table` parameter, which is populated with user input, before concatenating it to an SQL query.

SchmidAlex/nex-forms_SQL-Injection-CVE-2023-2114

Quick Review about the SQL-Injection in the NEX-Forms Plugin for WordPress

GitHub