The NEX-Forms WordPress plugin before 8.4 does not properly escape the table
parameter, which is populated with user input, before concatenating it to an SQL query.
Affected Software
Name |
Vendor |
Start Version |
End Version |
Nex-forms |
Basixonline |
* |
* |
References