CVE-2025-10185
BaseFortify

Publication date: 2025-10-11

Last updated on: 2025-10-14

Assigner: Wordfence

Description
The NEX-Forms – Ultimate Forms Plugin for WordPress plugin is vulnerable to SQL Injection via the 'orderby' parameter of the nf_load_form_entries action in all versions up to, and including, 9.1.6, due to insufficient escaping of the user-supplied parameter and a lack of sufficient preparation of the existing SQL query. This makes it possible for authenticated attackers with Administrator-level access and above to append additional SQL queries to existing queries, which can be used to extract sensitive information from the database. Lower-level users may be able to exploit this if a site administrator grants them access.
Meta Information
Published: 2025-10-11
Last Modified: 2025-10-14
Generated: 2026-05-07
AI Q&A: 2025-10-11
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wordpres plugin nex-forms
CWE
CWE-89: The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
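The CWE-89 pattern behind this advisory is an ORDER BY column taken from a request parameter. The following Python/sqlite3 example is added here for illustration; it is not the plugin's PHP code, and the `entries` table, its column names and the `ALLOWED_ORDERBY` map are constructed for the demonstration. It shows the unsafe concatenation shape beside the allow-list fix, and why a bound placeholder is not a fix for ORDER BY: a bound value is a string literal, not a column reference.

```python
import sqlite3

# Added example: Python/sqlite3 stand-in for the ORDER BY pattern described
# by CWE-89. Table and column names are constructed for illustration and are
# not the plugin's real schema.
ALLOWED_ORDERBY = {"id": "id", "form": "form_id", "date": "created_at"}
ALLOWED_ORDER = {"asc": "ASC", "desc": "DESC"}
BASE_SELECT = "SELECT id, form_id, created_at FROM entries"


def unsafe_entries_query(orderby: str, order: str = "ASC") -> str:
    # The CWE-89 shape: the request parameter is spliced straight into the
    # statement, so whatever the caller sends becomes part of the SQL text.
    return f"{BASE_SELECT} ORDER BY {orderby} {order}"


def safe_entries_query(orderby: str, order: str = "asc") -> str:
    # ORDER BY targets cannot be bound as query parameters, so the safe option
    # is to map the user's value onto a fixed set of known column names and
    # directions, and reject everything else.
    column = ALLOWED_ORDERBY.get(orderby.lower())
    direction = ALLOWED_ORDER.get(order.lower())
    if column is None or direction is None:
        raise ValueError(f"unsupported orderby/order: {orderby!r}/{order!r}")
    return f"{BASE_SELECT} ORDER BY {column} {direction}"


def _sample_db() -> sqlite3.Connection:
    # Constructed in-memory data set.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE entries (id INTEGER, form_id INTEGER, created_at TEXT)")
    conn.executemany(
        "INSERT INTO entries VALUES (?, ?, ?)",
        [(1, 7, "2025-10-01"), (2, 3, "2025-09-15"), (3, 5, "2025-10-09")],
    )
    return conn


def bound_orderby_type() -> str:
    # Why a placeholder does not solve this: a bound value is a literal, not a
    # column reference. typeof() reports 'text' for the bound string "id",
    # whereas the real id column is 'integer'.
    conn = _sample_db()
    return conn.execute("SELECT typeof(?) FROM entries LIMIT 1", ("id",)).fetchone()[0]


def ordered_ids(orderby: str, order: str) -> list:
    # Run the allow-listed query and return the ids in result order.
    conn = _sample_db()
    rows = conn.execute(safe_entries_query(orderby, order)).fetchall()
    return [row[0] for row in rows]


if __name__ == "__main__":
    print(unsafe_entries_query("id, form_id"))  # raw input lands in the SQL text
    print(safe_entries_query("date", "desc"))
    print(ordered_ids("date", "desc"))          # [3, 1, 2]
    print(bound_orderby_type())                 # text
```

The allow-list maps request values to column names rather than validating the raw string, so the SQL text only ever contains identifiers the developer wrote; an unknown value is rejected before any query is built.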
AI Powered Q&A
Can you explain this vulnerability to me?

The vulnerability in the NEX-Forms – Ultimate Forms Plugin for WordPress is an SQL Injection flaw in the 'orderby' parameter within the action nf_load_form_entries. It affects all versions up to and including 9.1.6. Due to insufficient escaping and lack of proper preparation of the user-supplied 'orderby' parameter in SQL queries, authenticated attackers with Administrator-level access or higher can append additional SQL queries. This allows them to extract sensitive information from the database. Lower-level users might exploit this if granted access by a site administrator.


How can this vulnerability impact me?

This vulnerability can allow attackers with administrator or higher privileges to perform unauthorized SQL queries on the database, potentially extracting sensitive information. This could lead to data leakage, exposure of confidential data, and compromise of the website's integrity. If lower-level users are granted access improperly, they might also exploit this vulnerability to access sensitive data.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

This vulnerability can negatively impact compliance with standards such as GDPR and HIPAA because it enables unauthorized access to sensitive personal or protected health information stored in the database. Exploitation could lead to data breaches, violating data protection and privacy regulations, and potentially resulting in legal and financial consequences for the affected organization.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by checking if the NEX-Forms – Ultimate Forms Plugin for WordPress is installed with a version up to and including 9.1.6, and if the 'orderby' parameter in the action nf_load_form_entries is being used in a way that allows SQL injection. Since the vulnerability requires authenticated access with Administrator-level privileges or higher, detection involves monitoring for suspicious SQL queries or unusual database access patterns related to the 'orderby' parameter. Specific commands are not provided in the resources, but typical detection methods include reviewing web server logs for suspicious POST or GET requests containing SQL injection payloads in the 'orderby' parameter, or using WordPress security plugins to audit plugin versions and scan for known vulnerabilities.
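The answer above names two checks without giving commands: confirm the installed plugin version, and look through web server logs for nf_load_form_entries requests whose 'orderby' value is not a plain column name. The Python script below is an added example, not something from the advisory or the plugin; it assumes WordPress's standard AJAX endpoint `/wp-admin/admin-ajax.php`, Apache combined-format logs, and a constructed plugin header with a `Version:` line (the WordPress plugin-header convention). The log lines and header text are constructed for the demonstration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed Apache combined-format access-log lines; not real traffic.
# /wp-admin/admin-ajax.php is WordPress's standard AJAX endpoint; the
# nf_load_form_entries action name comes from the advisory.
SAMPLE_LOG = """\
10.0.0.5 - - [11/Oct/2025:10:01:02 +0000] "GET /wp-admin/admin-ajax.php?action=nf_load_form_entries&orderby=id&order=desc HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.5 - - [11/Oct/2025:10:01:09 +0000] "GET /wp-admin/admin-ajax.php?action=nf_load_form_entries&orderby=id%27%20--&order=asc HTTP/1.1" 200 612 "-" "Mozilla/5.0"
10.0.0.9 - - [11/Oct/2025:10:02:30 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 80 "-" "Mozilla/5.0"
10.0.0.9 - - [11/Oct/2025:10:03:00 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 300 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# An ORDER BY target should look like a plain column name; anything else
# (quotes, spaces, commas, parentheses, comment markers) deserves review.
IDENT_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")
TARGET_ACTION = "nf_load_form_entries"


def find_suspicious_orderby(log_text: str) -> list:
    # Return one record per request to the target action whose decoded
    # 'orderby' value is not a bare identifier. Only GET query strings are
    # visible in an access log; POST bodies are not, so those requests need
    # request-body logging or a WAF to be inspected the same way.
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        params = parse_qs(urlsplit(m["target"]).query)
        if params.get("action", [None])[0] != TARGET_ACTION:
            continue
        for value in params.get("orderby", []):
            if not IDENT_RE.match(value):
                hits.append({"ip": m["ip"], "ts": m["ts"],
                             "method": m["method"], "orderby": value})
    return hits


# Constructed stand-in for the plugin's main-file header; WordPress plugins
# declare their version in a "Version:" header line.
SAMPLE_PLUGIN_HEADER = """\
/*
Plugin Name: NEX-Forms - Ultimate Forms Plugin for WordPress
Version: 9.1.6
*/
"""
LAST_VULNERABLE = (9, 1, 6)  # "all versions up to, and including, 9.1.6"
VERSION_RE = re.compile(r"^\s*\*?\s*Version:\s*([0-9][0-9.]*)", re.MULTILINE)


def plugin_version(header_text: str):
    # Extract the declared version string, or None if no header line is found.
    m = VERSION_RE.search(header_text)
    return m.group(1) if m else None


def is_vulnerable_version(version: str) -> bool:
    # Compare numerically; a string compare would wrongly rank "9.10.0" below "9.1.6".
    parts = tuple(int(p) for p in version.split("."))
    return parts <= LAST_VULNERABLE


if __name__ == "__main__":
    ver = plugin_version(SAMPLE_PLUGIN_HEADER)
    print(f"installed {ver}: vulnerable={is_vulnerable_version(ver)}")
    for hit in find_suspicious_orderby(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} {hit['method']} orderby={hit['orderby']!r}")
```

On a live site, point `plugin_version` at the plugin's main PHP file under `wp-content/plugins/` and feed the access log to `find_suspicious_orderby`; a hit is a lead for review rather than proof of exploitation, and a version at or below 9.1.6 is the actionable finding regardless of what the logs show.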


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include updating the NEX-Forms plugin to a version later than 9.1.6 where the vulnerability is fixed. The changeset in Resource 1 indicates that sanitization and SQL preparation improvements were made to prevent SQL injection. Additionally, restricting access to the plugin's form entry features to only trusted Administrator-level users and reviewing user permissions to ensure lower-level users do not have elevated access can reduce risk. If an update is not immediately possible, disabling or restricting the vulnerable functionality related to the 'orderby' parameter or the nf_load_form_entries action may help mitigate exploitation. Monitoring license activation status and ensuring the plugin's license verification is functioning properly can also help maintain security controls. [1]

