Form Vibes
by Wpvibes
Source repositories
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-5325 | Hig | 0.50 | 8.8 | 0.00 | Jul 12, 2024 | The Form Vibes plugin for WordPress is vulnerable to SQL Injection via the ‘fv_export_data’ parameter in all versions up to, and including, 1.4.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This… | ||
| CVE-2024-5309 | Med | 0.28 | 5.4 | 0.00 | Sep 5, 2024 | The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the fv_export_csv, reset_settings, save_settings, save_columns_settings, get_analytics_data,… | ||
| CVE-2022-3764 | 0.00 | — | 0.01 | Jan 16, 2024 | The plugin does not filter the "delete_entries" parameter from user requests, leading to an SQL Injection vulnerability. |
- risk 0.50cvss 8.8epss 0.00
The Form Vibes plugin for WordPress is vulnerable to SQL Injection via the ‘fv_export_data’ parameter in all versions up to, and including, 1.4.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This…
- risk 0.28cvss 5.4epss 0.00
The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the fv_export_csv, reset_settings, save_settings, save_columns_settings, get_analytics_data,…
- CVE-2022-3764Jan 16, 2024risk 0.00cvss —epss 0.01
The plugin does not filter the "delete_entries" parameter from user requests, leading to an SQL Injection vulnerability.