Search
Find a vulnerability
Search criteria
2 vulnerabilities found for Wow Forms by Wow-Company
CVE-2017-20244 (GCVE-0-2017-20244)
Vulnerability from nvd – Published: 2026-06-09 11:48 – Updated: 2026-06-09 13:09 Unsupported When Assigned
VLAI
Title
Wow Forms WordPress Plugin 2.1 SQL Injection
Summary
Wow Forms WordPress Plugin version 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to read arbitrary database information by exploiting an unescaped POST parameter. Attackers can inject SQL code through the 'mwpformid' parameter in requests to the admin-ajax.php endpoint with the 'send_mwp_form' action to extract sensitive database contents.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/41922 | exploit |
| http://wow-company.com/ | product |
| https://tad.group | product |
| https://wordpress.org/plugins/mwp-forms/ | product |
| https://www.vulncheck.com/advisories/wow-forms-wo… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Wow-Company | Wow Forms |
Affected:
2.1
|
Date Public
2017-04-25 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-20244",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T13:09:48.391151Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T13:09:54.048Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Wow Forms",
"vendor": "Wow-Company",
"versions": [
{
"status": "affected",
"version": "2.1"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wow-company:wow_forms:2.1:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wow-company:wow_forms:-:*:*:*:*:wordpress:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "TAD GROUP"
}
],
"datePublic": "2017-04-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Wow Forms WordPress Plugin version 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to read arbitrary database information by exploiting an unescaped POST parameter. Attackers can inject SQL code through the \u0027mwpformid\u0027 parameter in requests to the admin-ajax.php endpoint with the \u0027send_mwp_form\u0027 action to extract sensitive database contents."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T11:48:34.087Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-41922",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/41922"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "http://wow-company.com/"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "https://tad.group"
},
{
"name": "Product Reference",
"tags": [
"product"
],
"url": "https://wordpress.org/plugins/mwp-forms/"
},
{
"name": "VulnCheck Advisory: Wow Forms WordPress Plugin 2.1 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/wow-forms-wordpress-plugin-sql-injection"
}
],
"tags": [
"unsupported-when-assigned"
],
"title": "Wow Forms WordPress Plugin 2.1 SQL Injection",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2017-20244",
"datePublished": "2026-06-09T11:48:34.087Z",
"dateReserved": "2026-06-08T11:44:30.995Z",
"dateUpdated": "2026-06-09T13:09:54.048Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2017-20244 (GCVE-0-2017-20244)
Vulnerability from cvelistv5 – Published: 2026-06-09 11:48 – Updated: 2026-06-09 13:09 Unsupported When Assigned
VLAI
Title
Wow Forms WordPress Plugin 2.1 SQL Injection
Summary
Wow Forms WordPress Plugin version 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to read arbitrary database information by exploiting an unescaped POST parameter. Attackers can inject SQL code through the 'mwpformid' parameter in requests to the admin-ajax.php endpoint with the 'send_mwp_form' action to extract sensitive database contents.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/41922 | exploit |
| http://wow-company.com/ | product |
| https://tad.group | product |
| https://wordpress.org/plugins/mwp-forms/ | product |
| https://www.vulncheck.com/advisories/wow-forms-wo… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Wow-Company | Wow Forms |
Affected:
2.1
|
Date Public
2017-04-25 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-20244",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T13:09:48.391151Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T13:09:54.048Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Wow Forms",
"vendor": "Wow-Company",
"versions": [
{
"status": "affected",
"version": "2.1"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wow-company:wow_forms:2.1:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wow-company:wow_forms:-:*:*:*:*:wordpress:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "TAD GROUP"
}
],
"datePublic": "2017-04-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Wow Forms WordPress Plugin version 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to read arbitrary database information by exploiting an unescaped POST parameter. Attackers can inject SQL code through the \u0027mwpformid\u0027 parameter in requests to the admin-ajax.php endpoint with the \u0027send_mwp_form\u0027 action to extract sensitive database contents."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T11:48:34.087Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-41922",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/41922"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "http://wow-company.com/"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "https://tad.group"
},
{
"name": "Product Reference",
"tags": [
"product"
],
"url": "https://wordpress.org/plugins/mwp-forms/"
},
{
"name": "VulnCheck Advisory: Wow Forms WordPress Plugin 2.1 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/wow-forms-wordpress-plugin-sql-injection"
}
],
"tags": [
"unsupported-when-assigned"
],
"title": "Wow Forms WordPress Plugin 2.1 SQL Injection",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2017-20244",
"datePublished": "2026-06-09T11:48:34.087Z",
"dateReserved": "2026-06-08T11:44:30.995Z",
"dateUpdated": "2026-06-09T13:09:54.048Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}