SchmidAlex/nex-forms_SQL-Injection-CVE-2023-2114

Releases0

Stars2

Quick Review about the SQL-Injection in the NEX-Forms Plugin for WordPress

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-2114 ↗	May 8, 2023Monday, 8 May 2023, 14:15	7.2 HIGH	—
The NEX-Forms WordPress plugin before 8.4 does not properly escape the `table` parameter, which is populated with user input, before concatenating it to an SQL query.