2021-11-08 17:34:51
WPScan
PUBLISHED
The Wow Forms WordPress plugin through 3.1.3 does not sanitise or escape a did GET parameter before using it in a SQL statement, when deleting a form in the admin dashboard, leading to an authenticated SQL injection