WordPress · Nex-Forms · CVE-2023-2114
**Name of the Vulnerable Software and Affected Versions**
NEX-Forms WordPress plugin versions prior to 8.4
**Description**
The issue arises from improper escaping of the `table` parameter, which is populated with user input, before it is concatenated to an SQL query.
**Recommendations**
For versions prior to 8.4, update to version 8.4 or later to resolve the issue.