CVE-2024-53808: 
WordPress vulnerability analysis and mitigation

A SQL Injection vulnerability (CVE-2024-53808) was discovered in Basix NEX-Forms – Ultimate Form Builder, affecting versions through 8.7.8. The vulnerability was reported by Patchstack on December 6, 2024, and received a CVSS v3.1 base score of 7.2 (HIGH) from NIST NVD (NVD, Patchstack).

The vulnerability is classified as an Improper Neutralization of Special Elements used in an SQL Command (CWE-89). The issue received two different CVSS v3.1 scores: 7.2 (HIGH) from NIST NVD with vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, and 8.5 (HIGH) from Patchstack with vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L (NVD).

This vulnerability could allow malicious actors to directly interact with the database, potentially leading to unauthorized access to sensitive information. The high severity ratings from both NIST and Patchstack indicate significant potential impact on the confidentiality and integrity of the affected systems (Patchstack).

The vulnerability has been fixed in version 8.7.9 of the NEX-Forms – Ultimate Form Builder plugin. Users are advised to update to version 8.7.9 or later to remove the vulnerability (Patchstack).