CVE-2015-9452 - Vulnerability Details - OpenCVE

The nex-forms-express-wp-form-builder plugin before 4.6.1 for WordPress has SQL injection via the wp-admin/admin.php?page=nex-forms-main nex_forms_Id parameter.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Basixonline	Nex-forms

Configuration 1 [-]

cpe:2.3:a:basixonline:nex-forms:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
http://cinu.pl/research/wp-plugins/mail_cb24b6204803e8e94943b198edc37af7.html
https://wordpress.org/plugins/nex-forms-express-wp-form-builder/#developers
https://wpvulndb.com/vulnerabilities/8336

History

Wed, 15 Jan 2025 18:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Basixonline Basixonline nex-forms
CPEs	cpe:2.3:a:nex-forms_-_ultimate_form_builder_project:nex-forms_-_ultimate_form_builder::::::wordpress::*	cpe:2.3:a:basixonline:nex-forms::::::wordpress::*
Vendors & Products	Nex-forms - Ultimate Form Builder Project Nex-forms - Ultimate Form Builder Project nex-forms - Ultimate Form Builder	Basixonline Basixonline nex-forms

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-10-07T14:19:48

Updated: 2024-08-06T08:51:05.292Z

Reserved: 2019-09-26T00:00:00

Link: CVE-2015-9452

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-10-07T15:15:10.233

Modified: 2025-01-15T18:26:00.960

Link: CVE-2015-9452

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The nex-forms-express-wp-form-builder plugin before 4.6.1 for WordPress has SQL injection via the wp-admin/admin.php?page=nex-forms-main nex_forms_Id parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-10-07T14:19:48", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wpvulndb.com/vulnerabilities/8336"}, {"tags": ["x_refsource_MISC"], "url": "https://wordpress.org/plugins/nex-forms-express-wp-form-builder/#developers"}, {"tags": ["x_refsource_MISC"], "url": "http://cinu.pl/research/wp-plugins/mail_cb24b6204803e8e94943b198edc37af7.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-9452", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The nex-forms-express-wp-form-builder plugin before 4.6.1 for WordPress has SQL injection via the wp-admin/admin.php?page=nex-forms-main nex_forms_Id parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://wpvulndb.com/vulnerabilities/8336", "refsource": "MISC", "url": "https://wpvulndb.com/vulnerabilities/8336"}, {"name": "https://wordpress.org/plugins/nex-forms-express-wp-form-builder/#developers", "refsource": "MISC", "url": "https://wordpress.org/plugins/nex-forms-express-wp-form-builder/#developers"}, {"name": "http://cinu.pl/research/wp-plugins/mail_cb24b6204803e8e94943b198edc37af7.html", "refsource": "MISC", "url": "http://cinu.pl/research/wp-plugins/mail_cb24b6204803e8e94943b198edc37af7.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T08:51:05.292Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wpvulndb.com/vulnerabilities/8336"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wordpress.org/plugins/nex-forms-express-wp-form-builder/#developers"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://cinu.pl/research/wp-plugins/mail_cb24b6204803e8e94943b198edc37af7.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-9452", "datePublished": "2019-10-07T14:19:48", "dateReserved": "2019-09-26T00:00:00", "dateUpdated": "2024-08-06T08:51:05.292Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:basixonline:nex-forms:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "1847B525-E6B0-463E-8001-1D18080F9A37", "versionEndExcluding": "4.6.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The nex-forms-express-wp-form-builder plugin before 4.6.1 for WordPress has SQL injection via the wp-admin/admin.php?page=nex-forms-main nex_forms_Id parameter."}, {"lang": "es", "value": "El plugin nex-forms-express-wp-form-builder versiones anteriores a 4.6.1 para WordPress, presenta una inyecci\u00f3n SQL por medio del par\u00e1metro nex_forms_Id de wp-admin/admin.php?page=nex-forms-main."}], "id": "CVE-2015-9452", "lastModified": "2025-01-15T18:26:00.960", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-10-07T15:15:10.233", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "http://cinu.pl/research/wp-plugins/mail_cb24b6204803e8e94943b198edc37af7.html"}, {"source": "cve@mitre.org", "tags": ["Product", "Release Notes"], "url": "https://wordpress.org/plugins/nex-forms-express-wp-form-builder/#developers"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpvulndb.com/vulnerabilities/8336"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "http://cinu.pl/research/wp-plugins/mail_cb24b6204803e8e94943b198edc37af7.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product", "Release Notes"], "url": "https://wordpress.org/plugins/nex-forms-express-wp-form-builder/#developers"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpvulndb.com/vulnerabilities/8336"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}