Unrated severityNVD Advisory· Published Sep 19, 2022· Updated Aug 3, 2024
NEX-Forms < 7.9.7 - Authenticated SQLi
CVE-2022-3142
Description
The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is permitted to view the forms statistics chart, by default administrators, however can be configured otherwise via the plugin settings.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <7.9.7
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.