cleantalk
Vulnerabilities and Security Researches

HTML Forms, CVE-2022-3689

CVE, Research URL

CVE-2022-3689

Home page URL

Security reports for HTML Forms

Application

HTML Forms

Published on
Nov 28, 2022
Research Description
The HTML Forms WordPress plugin before 1.3.25 does not properly properly escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users
Affected versions
Min -, max 1.3.25.
Status
vulnerable
Previous vulnerability researches
HTML Forms (CVE-2024-6412) , Aug 02, 2024
HTML Forms (CVE-2024-56060) , Dec 22, 2024
HTML Forms (CVE-2025-31080) , Apr 03, 2025
HTML Forms (CVE-2023-50836) , Jun 07, 2024
HTML Forms (CVE-2022-3689) , Jun 07, 2024
New vulnerability
Easy Contact (CVE-2025-30970) , Apr 08, 2025
DyaPress ERP/CRM (CVE-2025-30582) , Apr 08, 2025
Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links (CVE-2025-1264) , Apr 07, 2025
Advanced All in One Admin Search by WP Spotlight (CVE-2025-32261) , Apr 06, 2025
Free Booking Plugin for Hotels, Restaurant and Car Rental – eaSYNC (CVE-2025-32219) , Apr 06, 2025