Lucene search
K

39 matches found

NVD
NVD
added 4 days ago6 views

CVE-2026-13378

The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Contact Form 7 Form Field in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...

7.2CVSS0.00259EPSS
Exploits0References5
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-43147

The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Contact Form 7 Form Field in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...

7.2CVSS6.2AI score0.00259EPSS
Exploits0References5
CVE
CVE
added 4 days ago12 views

CVE-2026-13378

CVE-2026-13378 affects the Form Vibes – Database Manager for Forms plugin for WordPress. It enables unauthenticated Stored Cross-Site Scripting via a Contact Form 7 Form Field in all versions up to 1.5.2 due to insufficient input sanitization and output escaping. This allows injected scripts to e...

7.2CVSS6.2AI score0.00259EPSS
Exploits0References5
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-13378 Form Vibes <= 1.5.2 - Unauthenticated Stored Cross-Site Scripting via Contact Form 7 Form Field

The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Contact Form 7 Form Field in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...

7.2CVSS0.00259EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/07 9:16 a.m.5 views

CVE-2025-13409

The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to SQL Injection via the 'params' parameter in all versions up to, and including, 1.4.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

4.9CVSS6.5AI score0.00266EPSS
Exploits0References1
NVD
NVD
added 2026/01/06 4:15 a.m.6 views

CVE-2025-13409

The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to SQL Injection via the 'params' parameter in all versions up to, and including, 1.4.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

4.9CVSS0.00266EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/06 3:21 a.m.2 views

CVE-2025-13409 Form Vibes – Database Manager for Forms <= 1.4.13 - Authenticated (Admin+) SQL Injection

The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to SQL Injection via the 'params' parameter in all versions up to, and including, 1.4.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

4.9CVSS6.2AI score0.00266EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/06 3:21 a.m.35 views

CVE-2025-13409 Form Vibes – Database Manager for Forms <= 1.4.13 - Authenticated (Admin+) SQL Injection

The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to SQL Injection via the 'params' parameter in all versions up to, and including, 1.4.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

4.9CVSS0.00266EPSS
Exploits0References4
CVE
CVE
added 2026/01/06 3:21 a.m.25 views

CVE-2025-13409

CVE-2025-13409 concerns the WordPress plugin Form Vibes – Database Manager for Forms . The Wordfence report confirms an SQL Injection via the params parameter in all versions up to and including 1.4.13 due to insufficient escaping and lack of proper query preparation. It requires authenticated Ad...

4.9CVSS6.2AI score0.00266EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/06 12:0 a.m.7 views

PT-2026-1399

Name of the Vulnerable Software and Affected Versions Form Vibes – Database Manager for Forms plugin for WordPress versions up to and including 1.4.13 Description The software contains a SQL Injection issue due to insufficient escaping of user-supplied input and inadequate preparation of existing...

4.9CVSS6.9AI score0.00266EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/01/06 12:0 a.m.5 views

WordPress plugin Form Vibes – Database Manager for Forms SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL injection...

4.9CVSS7.8AI score0.00266EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/01/05 9:47 p.m.8 views

WordPress Form Vibes – Database Manager for Forms plugin <= 1.4.13 - Authenticated (Admin+) SQL Injection vulnerability

Authenticated Admin+ SQL Injection vulnerability discovered by tmrswrr in WordPress Plugin Form Vibes – Database Manager for Forms versions = 1.4.13...

4.9CVSS8AI score0.00266EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-46543

Malicious code in bioql PyPI...

5.4CVSS6.6AI score0.00292EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-46551

Malicious code in bioql PyPI...

8.8CVSS6.5AI score0.00484EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/05 6:38 a.m.6 views

CVE-2024-5325

The Form Vibes plugin for WordPress is vulnerable to SQL Injection via the ‘fvexportdata’ parameter in all versions up to, and including, 1.4.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

8.8CVSS8.6AI score0.00484EPSS
Exploits0References1
OSV
OSV
added 2024/09/05 9:15 a.m.7 views

CVE-2024-5309

The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the fvexportcsv, resetsettings, savesettings, savecolumnssettings, getanalyticsdata, geteventlogsdata, deletesubmissions, and...

5.4CVSS5.8AI score0.00292EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2024/09/05 9:15 a.m.2 views

CVE-2024-5309

The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the fvexportcsv, resetsettings, savesettings, savecolumnssettings, getanalyticsdata, geteventlogsdata, deletesubmissions, and...

5.4CVSS5.9AI score0.00292EPSS
Exploits0References4
NVD
NVD
added 2024/09/05 9:15 a.m.32 views

CVE-2024-5309

The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the fvexportcsv, resetsettings, savesettings, savecolumnssettings, getanalyticsdata, geteventlogsdata, deletesubmissions, and...

5.4CVSS0.00292EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/09/05 8:30 a.m.29 views

CVE-2024-5309 Form Vibes – Database Manager for Forms <= 1.4.12 - Missing Authorization in Multiple Functions

The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the fvexportcsv, resetsettings, savesettings, savecolumnssettings, getanalyticsdata, geteventlogsdata, deletesubmissions, and...

5.4CVSS0.00292EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/09/05 2:56 a.m.6 views

WordPress Form Vibes – Database Manager for Forms plugin <= 1.4.12 - Missing Authorization in Multiple Functions vulnerability

Missing Authorization in Multiple Functions vulnerability discovered by Peter Thaleikis in WordPress Plugin Form Vibes – Database Manager for Forms versions = 1.4.12...

5.4CVSS7AI score0.00292EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder