CVE-2025-6782 in GoZen Forms Plugin情報

要約

〜によって MITRE • 2025年07月04日

The GoZen Forms plugin for WordPress is vulnerable to SQL Injection via the 'forms-id' parameter of the dirGZActiveForm() function in all versions up to, and including, 1.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

予約する

2025年06月27日

モデレーション

承諾済み

エントリ

VDB-314789

EPSS

0.00347

アクティビティ

非常低い

セクター

Hostingprovider

ソース

Might our Artificial Intelligence support you?

Check our Alexa App!