What is GHSA-7jrg-cpg8-x952?

GHSA-7jrg-cpg8-x952 is a security advisory published by GitHub Security Advisories with High severity. Wow Forms WordPress Plugin version 2.1 contains an SQL injection vulnerability that allows...

Which CVE IDs does GHSA-7jrg-cpg8-x952 cover?

GHSA-7jrg-cpg8-x952 covers the following CVE IDs: CVE-2017-20244. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-7jrg-cpg8-x952?

GHSA-7jrg-cpg8-x952 has a CVSS v3 base score of 8.2, published by GitHub Security Advisories.

GHSA-7jrg-cpg8-x952HighCVSS 8.2

Wow Forms WordPress Plugin version 2.1 contains an SQL injection vulnerability that allows...

Vendor

GitHub Security Advisories

Published

June 9, 2026

Last Modified

June 9, 2026

🔗 CVE IDs covered (1)

CVE-2017-20244 →

📋 Description

Wow Forms WordPress Plugin version 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to read arbitrary database information by exploiting an unescaped POST parameter. Attackers can inject SQL code through the 'mwpformid' parameter in requests to the admin-ajax.php endpoint with the 'send_mwp_form' action to extract sensitive database contents.

🔗 References (7)

https://nvd.nist.gov/vuln/detail/CVE-2017-20244
https://tad.group
https://wordpress.org/plugins/mwp-forms
https://www.exploit-db.com/exploits/41922
https://www.vulncheck.com/advisories/wow-forms-wordpress-plugin-sql-injection
http://wow-company.com
https://github.com/advisories/GHSA-7jrg-cpg8-x952