CVE-2023-2114 Information

Description

The NEX-Forms WordPress plugin before 8.4 does not properly escape the table parameter which is populated with user input before concatenating it to an SQL query.

Reference

https://wpscan.com/vulnerability/3d8ab3a5-1bf8-4216-91fa-e89541e5c43d https://github.com/SchmidAlex/nex-forms_SQL-Injection