Basix NEX-Forms Vulnerable to SQL Injection
CVE-2024-53808

7.2HIGH

Key Information:

Vendor: WordPress
Status: Nex-forms – Ultimate Form Builder
Vendor: CVE Published:; 6 December 2024

Summary

The vulnerability allows for improper neutralization of special elements in SQL commands, leading to SQL Injection in the Basix NEX-Forms – Ultimate Form Builder. This flaw permits malicious actors to execute arbitrary SQL queries, potentially compromising sensitive data and the integrity of the database. Users of versions up to 8.7.8 are at risk and should implement necessary security measures to mitigate exposure.

Affected Version(s)

NEX-Forms – Ultimate Form Builder <= 8.7.8

References

https://patchstack.com/database/wordpress/plugin/nex-form...

vdb-entry

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 6, 2024
Vulnerability Reserved
Nov 22, 2024

Credit

trongnb02 (Patchstack Alliance)