NEX-Forms WordPress Plugin SQL Injection Vulnerability
Vulnerability
A SQL injection vulnerability has been identified in the NEX-Forms - Ultimate Forms Plugin for WordPress, affecting all versions through 9.1.6. The vulnerability arises from insufficient escaping of user-supplied data in the 'orderby' parameter of the 'nf_load_form_entries' action, allowing authenticated attackers with Administrator-level access to manipulate SQL queries. This could potentially be exploited by lower-level users if granted access by an administrator.
Impact
Exploitation of this vulnerability allows for SQL injection, where an attacker can manipulate SQL queries to extract sensitive information from the database.
Reproduction
To reproduce this vulnerability, an authenticated user with Administrator privileges can send a request to the 'nf_load_form_entries' action, including a crafted 'orderby' parameter that exploits the SQL injection flaw. This can be done using a tool like Postman or through custom scripts that automate the process.
Remediation
Users are advised to update the NEX-Forms - Ultimate Forms Plugin for WordPress to version 9.1.7 or later.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.