top of page
perceptive_background_267k.jpg

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows …

Published:

26 mei 2026 om 22:00:00

Alert date:

27 mei 2026 om 15:06:57

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies

A SQL injection vulnerability (CVE-2026-42747) has been identified in the Easy Form Builder WordPress plugin by hassantafreshi. The vulnerability allows for blind SQL injection attacks due to improper neutralization of special elements used in SQL commands. The issue affects Easy Form Builder versions up to and including 4.0.6. This vulnerability could allow attackers to extract sensitive database information through blind SQL injection techniques. The vulnerability has been assigned a high criticality rating.

Technical details

Mitigation steps:

Affected products:

Easy Form Builder WordPress Plugin

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-42747
https://patchstack.com/database/Wordpress/Plugin/easy-form-builder/vulnerability/wordpress-easy-form-builder-plugin-4-0-6-sql-injection-vulnerability?_s_id=cve

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page