Lucene search

CVE-2024-5325

🗓️ 12 Jul 2024 13:21:15Reported by WordfenceType

The Form Vibes plugin for WordPress is vulnerable to SQL Injection via the ‘fv_export_data’ parameter in all versions up to, and including, 1.4.10 due to insufficient escaping on the user supplied parameter and lack of preparation on the existing SQL query

Reporter	Title	Published	Views	Family All 5
Patchstack	WordPress Form Vibes – Database Manager for Forms Plugin <= 1.4.10 is vulnerable to SQL Injection	12 Jul 202400:00	–	patchstack
Cvelist	CVE-2024-5325 Form Vibes <= 1.4.10 - Authenticated (Subscriber+) SQL Injection via fv_export_data	12 Jul 202412:47	–	cvelist
Vulnrichment	CVE-2024-5325 Form Vibes <= 1.4.10 - Authenticated (Subscriber+) SQL Injection via fv_export_data	12 Jul 202412:47	–	vulnrichment
NVD	CVE-2024-5325	12 Jul 202413:15	–	nvd
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (July 8, 2024 to July 14, 2024)	18 Jul 202415:33	–	wordfence

Vulners

Vulnrichment

Node

wpvibes form_vibes_–_database_manager_for_formsRange≤1.4.10wordpress

[
  {
    "vendor": "wpvibes",
    "product": "Form Vibes – Database Manager for Forms",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "1.4.10",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
plugins	www.plugins.trac.wordpress.org/changeset/3115288/form-vibes/trunk/inc/classes/query.php
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/a3311097-d477-441e-9bf3-3f991a9b6af9

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

12 Jul 2024 13:15Current

8.7High risk

Vulners AI Score8.7

CVSS38.8

EPSS0.00524

SSVC