CVE-2022-3142: NEX-Forms < 7.9.7 - Authenticated SQLi

Vendor: Unknown
Product: NEX-Forms – Ultimate Form Builder – Contact forms and much more
Weakness: CWE-89 · SQLi
Published: September 19, 2022
Last update: August 3, 2024

What the vulnerability does

01 Description

The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injection. The attack can be executed by anyone who is permitted to view the forms statistics chart. By default that is administrators, but it can be configured otherwise via the plugin settings.

Key dates

02 Disclosure timeline

September 19, 2022: CVE published
August 3, 2024: Record updated