1 results (0.002 seconds)
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 2
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 2CVE-2021-24628 – Wow Forms <= 3.1.3 - Admin+ SQL Injection
https://notcve.org/view.php?id=CVE-2021-24628
07 Oct 2021 — The Wow Forms WordPress plugin through 3.1.3 does not sanitise or escape a 'did' GET parameter before using it in a SQL statement, when deleting a form in the admin dashboard, leading to an authenticated SQL injection El plugin Wow Forms de WordPress versiones hasta 3.1.3, no sanea o escapa de un parámetro GET "did" antes de usarlo en una sentencia SQL, cuando se borra un formulario en el panel de administración, conllevando a una inyección SQL autenticada The Wow Forms WordPress plugin through 3.1.3 does n... • https://codevigilant.com/disclosure/2021/wp-plugin-mwp-forms • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •