CVE-2025-10185
📋 TL;DR
This SQL injection vulnerability in the NEX-Forms WordPress plugin allows authenticated attackers with Administrator access to execute arbitrary SQL queries via the 'orderby' parameter. Attackers can extract sensitive database information, potentially including user credentials and form submissions. Lower-privileged users may also exploit this if granted access by administrators.
💻 Affected Systems
- NEX-Forms – Ultimate Forms Plugin for WordPress
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise leading to data theft, privilege escalation, and potential site takeover.
Likely Case
Extraction of sensitive form data, user information, and potentially administrator credentials.
If Mitigated
Limited impact if proper access controls and input validation are implemented.
🎯 Exploit Status
Exploitation requires authenticated access and knowledge of SQL injection techniques.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version after 9.1.6
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3365585/nex-forms-express-wp-form-builder/trunk/includes/classes/class.db.php
Restart Required: No
Instructions:
1. Update NEX-Forms plugin to latest version via WordPress admin panel. 2. Verify update to version above 9.1.6. 3. Test form functionality after update.
🔧 Temporary Workarounds
Restrict Administrator Access
allLimit Administrator accounts to essential personnel only and implement strong authentication.
Input Validation Filter
allImplement custom input validation for the 'orderby' parameter in WordPress functions.
🧯 If You Can't Patch
- Disable or remove the NEX-Forms plugin entirely.
- Implement strict WAF rules to block SQL injection patterns targeting the vulnerable endpoint.
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel for NEX-Forms plugin version. If version is 9.1.6 or lower, system is vulnerable.Check Version:
wp plugin list --name=nex-forms --field=versionVerify Fix Applied:
Confirm plugin version is above 9.1.6 in WordPress admin panel and test form submission functionality.📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries in WordPress or database logs
- Multiple failed login attempts followed by form data access
Network Indicators:
- HTTP POST requests to /wp-admin/admin-ajax.php with suspicious 'orderby' parameters
SIEM Query:
source="wordpress.log" AND "nf_load_form_entries" AND "orderby" AND ("UNION" OR "SELECT" OR "FROM")🔗 References
- https://plugins.svn.wordpress.org/nex-forms-express-wp-form-builder/tags/9.1.4/includes/classes/class.db.php#2527
- https://plugins.trac.wordpress.org/changeset/3365585/nex-forms-express-wp-form-builder/trunk/includes/classes/class.db.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/e68d47e7-9a42-4a77-aefa-fe130500cbd3?source=cve
