CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 2

The Wow Forms WordPress plugin through 3.1.3 does not sanitise or escape a 'did' GET parameter before using it in a SQL statement, when deleting a form in the admin dashboard, leading to an authenticated SQL injection.

• https://codevigilant.com/disclosure/2021/wp-plugin-mwp-forms
• https://wpscan.com/vulnerability/d742ab35-4e2d-42a8-bebc-b953b2e10e3c
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')