PT-2019-7411 · Nexforms · Nex-Forms-Express-Wp-Form-Builder

Published: 2019-10-07 · Updated: 2025-01-15 · CVE-2015-9452

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: nex-forms-express-wp-form-builder plugin versions prior to 4.6.1

Description: The issue is an SQL injection via the "wp-admin/admin.php?page=nex-forms-main" API endpoint, specifically through the nex forms Id parameter. This allows for potential exploitation.

Recommendations: For versions prior to 4.6.1, update to version 4.6.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "wp-admin/admin.php?page=nex-forms-main" API endpoint to minimize the risk of exploitation. Avoid using the nex forms Id parameter in the affected API endpoint until the issue is resolved.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers: CVE-2015-9452

Affected Products: Nex-Forms-Express-Wp-Form-Builder