CVE-2022-3142 – The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise and escape user inp …

19 September 2022

Vuln ID: CVE-2022-3142

Published: 2022-09-19 14:15:11Z

Description: The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is permitted to view the forms statistics chart, by default administrators, however can be configured otherwise via the plugin settings.

Source: NVD.NIST.GOV

Date:

19 September 2022

Categorie(s):

NVD

Tag(s):

NVD

Governments issue alerts after ‘sophisticated’ state-backed actor found exploiting flaws in Cisco security boxes24 April 2024
Smashing Security podcast #369: Keeping the lights on after a ransomware attack24 April 2024
5G Hackathons – Casey Ellis – BTS #2824 April 2024
CoralRaider leverages CDN cache domains in new infostealer campaign24 April 2024
Shouldn’t Teams, Zoom, Slack all interoperate securely for the Feds? Wyden is asking24 April 2024