https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2114
https://wpscan.com/vulnerability/3d8ab3a5-1bf8-4216-91fa-e89541e5c43d
Quick Review about the SQL-Injection in the NEX-Forms Plugin for WordPress
Note that this uploaded exploit code isnt for this particular vulnerability... But this is an example how you could make an exploit for this issue.
From Version 8.3 (Maybe earlier too) till version 8.4
The SQL-Injection is placed in the authenticated area from NEX-Forms. When you edit a form and want to safe it, your client sends a post-request to the server with some parameters.
One of those parameters is called 'table' which is vulnerable. There was no sanitizing or filtering.