CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-24628

The Wow Forms WordPress plugin through 3.1.3 does not sanitise or escape a 'did' GET parameter before using it in a SQL statement, when deleting a form in the admin dashboard, leading to an authenticated SQL injection

Exploit prediction scoring system (EPSS) score

EPSS Score 0.009

EPSS Ranking 74.5%

CVSS Severity

CVSS v3 Score 7.2

CVSS v2 Score 6.5

References

https://codevigilant.com/disclosure/2021/wp-plugin-mwp-forms/
https://wpscan.com/vulnerability/d742ab35-4e2d-42a8-bebc-b953b2e10e3c
https://codevigilant.com/disclosure/2021/wp-plugin-mwp-forms/
https://wpscan.com/vulnerability/d742ab35-4e2d-42a8-bebc-b953b2e10e3c

Products affected by CVE-2021-24628

Wow-Company » Wow Forms » Version: N/A

cpe:2.3:a:wow-company:wow_forms:-
Wow-Company » Wow Forms » Version: 3.1.3

cpe:2.3:a:wow-company:wow_forms:3.1.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-24628

Products

Pricing

Contact Us