CVSS: 9.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

Forminator prior to 1.29.3 contains a SQL injection vulnerability. If this vulnerability is exploited, a remote authenticated attacker with administrative privileges may obtain and alter any information in the database and cause a denial-of-service (DoS) condition.

The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to SQL Injection via the 'order_by' parameter in all versions up to, and including, 1.29.2 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query.

• https://jvn.jp/en/jp/JVN50132400
• https://wordpress.org/plugins/forminator
• https://wpmudev.com

• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')