Wow Forms

CVEs (2)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2017-20244	WordPress Wow Forms	Hig	0.53	8.2	—		Jun 9, 2026	Wow Forms WordPress Plugin version 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to read arbitrary database information by exploiting an unescaped POST parameter. Attackers can inject SQL code through the 'mwpformid' parameter in requests to…
CVE-2021-24628	WordPress Wow Forms		0.00	—	0.01		Nov 8, 2021	The Wow Forms WordPress plugin through 3.1.3 does not sanitise or escape a 'did' GET parameter before using it in a SQL statement, when deleting a form in the admin dashboard, leading to an authenticated SQL injection

CVE-2017-20244HigJun 9, 2026
WordPress
Wow Forms
risk 0.53cvss 8.2epss —
Wow Forms WordPress Plugin version 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to read arbitrary database information by exploiting an unescaped POST parameter. Attackers can inject SQL code through the 'mwpformid' parameter in requests to…
CVE-2021-24628Nov 8, 2021
WordPress
Wow Forms
risk 0.00cvss —epss 0.01
The Wow Forms WordPress plugin through 3.1.3 does not sanitise or escape a 'did' GET parameter before using it in a SQL statement, when deleting a form in the admin dashboard, leading to an authenticated SQL injection