Medium severity5.4NVD Advisory· Published Sep 5, 2024· Updated Apr 8, 2026

CVE-2024-5309

Description

The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the fv_export_csv, reset_settings, save_settings, save_columns_settings, get_analytics_data, get_event_logs_data, delete_submissions, and get_submissions functions in all versions up to, and including, 1.4.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform multiple unauthorized actions. NOTE: This vulnerability is partially fixed in version 1.4.12.

Affected products

Wpvibes/Form Vibes
cpe:2.3:a:wpvibes:form_vibes:*:*:*:*:*:wordpress:*:*
Range: <1.4.13

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

plugins.trac.wordpress.org/changesetnvdPatch
www.wordfence.com/threat-intel/vulnerabilities/id/aba88c4c-93a4-4c1c-b239-68b5fec87146nvdThird Party Advisory
plugins.trac.wordpress.org/changeset/3146787/nvd

News mentions

No linked articles in our index yet.

cvss	0.351
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000