CVSS: 9.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WhiteStudio Easy Form Builder. This issue affects Easy Form Builder: from n/a through 3.7.4.

The Easy Form Builder plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.7.4 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

• https://patchstack.com/database/vulnerability/easy-form-builder/wordpress-easy-form-builder-plugin-3-7-4-sql-injection-vulnerability?_s_id=cve
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

The EFBP_verify_upload_file AJAX action of the Easy Form Builder WordPress plugin through 1.0, available to authenticated users, does not have any security in place to verify uploaded files, allowing low privilege users to upload arbitrary files, leading to RCE.

• https://github.com/jinhuang1102/CVE-ID-Reports/blob/e4c33529b20fa70e3a764ff9b1125839fb9900b5/Easy%20Form%20Builder.md
• https://wpscan.com/vulnerability/ed0c054b-54bf-4df8-9015-c76704c93484
• CWE-434: Unrestricted Upload of File with Dangerous Type