The NEX-Forms WordPress plugin before 8.4 does not properly escape the `table` parameter, which is populated with user input, before concatenating it to an SQL query.

Credits
Alexander Schmid
WPScan

References
https://wpscan.com/vulnerability/3d8ab3a5-1bf8-4216-91fa-e89541e5c43d
https://github.com/SchmidAlex/nex-forms_SQL-Injection
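
An added example, not code from NEX-Forms or from the advisory's authors: when a request parameter selects a table, string escaping is not enough because an SQL identifier is not a quoted string, so the value is resolved through a fixed allowlist instead. The table names, the `wp_` prefix and the function names are hypothetical; the `%d` placeholder is left for `$wpdb->prepare()` to bind.

```php
<?php
// Added illustration: hypothetical names throughout, not NEX-Forms code.

// Fixed map from a client-facing key to the table suffix the server will query.
const ALLOWED_TABLES = [
    'entries' => 'example_form_entries',   // hypothetical table
    'forms'   => 'example_forms',          // hypothetical table
];

/**
 * Resolve a user-supplied `table` value to a full table name, or null.
 * The returned identifier is always a server-side constant, so nothing the
 * client sends is ever concatenated into the SQL text.
 */
function resolve_table($input, string $prefix): ?string
{
    if (!is_string($input)) {
        return null;                        // arrays such as table[]=x are rejected
    }
    if (!array_key_exists($input, ALLOWED_TABLES)) {
        return null;                        // unknown key: no fallback, no cleanup attempt
    }
    return $prefix . ALLOWED_TABLES[$input];
}

/** Build the query text; the row id stays a placeholder to be bound later. */
function build_query($tableInput, string $prefix): ?string
{
    $table = resolve_table($tableInput, $prefix);
    if ($table === null) {
        return null;                        // caller should answer with an error
    }
    return "SELECT * FROM `{$table}` WHERE id = %d";
}

// Constructed sample inputs: two valid keys, then values that must be refused.
$samples = ['entries', 'forms', 'users', 'entries WHERE 1=1', ['entries']];
foreach ($samples as $s) {
    $q = build_query($s, 'wp_');
    printf("%-22s => %s\n", json_encode($s), $q ?? 'REJECTED');
}
```

Only the first two samples produce a query; every other value is refused before any SQL text is built.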