Basix NEX-Forms Vulnerable to SQL Injection
CVE-2024-53808

8.5HIGH

Key Information:

Vendor

WordPress

Status
Vendor
CVE Published:
6 December 2024

What is CVE-2024-53808?

The vulnerability allows for improper neutralization of special elements in SQL commands, leading to SQL Injection in the Basix NEX-Forms – Ultimate Form Builder. This flaw permits malicious actors to execute arbitrary SQL queries, potentially compromising sensitive data and the integrity of the database. Users of versions up to 8.7.8 are at risk and should implement necessary security measures to mitigate exposure.

Affected Version(s)

NEX-Forms 0 <= 8.7.8

References

CVSS V3.1

Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

trongnb02 (Patchstack Alliance)
.