35 matches found
CVE-2025-13409
The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to SQL Injection via the 'params' parameter in all versions up to, and including, 1.4.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2025-13409
The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to SQL Injection via the 'params' parameter in all versions up to, and including, 1.4.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2025-13409 Form Vibes – Database Manager for Forms <= 1.4.13 - Authenticated (Admin+) SQL Injection
The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to SQL Injection via the 'params' parameter in all versions up to, and including, 1.4.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2025-13409
CVE-2025-13409 concerns the WordPress plugin Form Vibes – Database Manager for Forms . The Wordfence report confirms an SQL Injection via the params parameter in all versions up to and including 1.4.13 due to insufficient escaping and lack of proper query preparation. It requires authenticated Ad...
CVE-2025-13409 Form Vibes – Database Manager for Forms <= 1.4.13 - Authenticated (Admin+) SQL Injection
The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to SQL Injection via the 'params' parameter in all versions up to, and including, 1.4.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
PT-2026-1399
Name of the Vulnerable Software and Affected Versions Form Vibes – Database Manager for Forms plugin for WordPress versions up to and including 1.4.13 Description The software contains a SQL Injection issue due to insufficient escaping of user-supplied input and inadequate preparation of existing...
WordPress plugin Form Vibes – Database Manager for Forms SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL injection...
WordPress Form Vibes – Database Manager for Forms plugin <= 1.4.13 - Authenticated (Admin+) SQL Injection vulnerability
Authenticated Admin+ SQL Injection vulnerability discovered by tmrswrr in WordPress Plugin Form Vibes – Database Manager for Forms versions = 1.4.13...
EUVD-2024-46543
Malicious code in bioql PyPI...
EUVD-2024-46551
Malicious code in bioql PyPI...
CVE-2024-5325
The Form Vibes plugin for WordPress is vulnerable to SQL Injection via the ‘fvexportdata’ parameter in all versions up to, and including, 1.4.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2024-5309
The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the fvexportcsv, resetsettings, savesettings, savecolumnssettings, getanalyticsdata, geteventlogsdata, deletesubmissions, and...
CVE-2024-5309
The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the fvexportcsv, resetsettings, savesettings, savecolumnssettings, getanalyticsdata, geteventlogsdata, deletesubmissions, and...
CVE-2024-5309
The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the fvexportcsv, resetsettings, savesettings, savecolumnssettings, getanalyticsdata, geteventlogsdata, deletesubmissions, and...
CVE-2024-5309 Form Vibes – Database Manager for Forms <= 1.4.12 - Missing Authorization in Multiple Functions
The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the fvexportcsv, resetsettings, savesettings, savecolumnssettings, getanalyticsdata, geteventlogsdata, deletesubmissions, and...
WordPress Form Vibes – Database Manager for Forms plugin <= 1.4.12 - Missing Authorization in Multiple Functions vulnerability
Missing Authorization in Multiple Functions vulnerability discovered by Peter Thaleikis in WordPress Plugin Form Vibes – Database Manager for Forms versions = 1.4.12...
WordPress Form Vibes – Database Manager for Forms Plugin <= 1.4.12 is vulnerable to Broken Access Control
Software Form Vibes – Database Manager for Forms Type Plugin Vulnerable versions = 1.4.12 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-5309 Patch priority Low CVSS severity Low 5.4 Developer WPVibes PSID abc9bfead98c Credits Peter Thaleikis...
WordPress plugin Form Vibes 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
CVE-2024-5325
The Form Vibes plugin for WordPress is vulnerable to SQL Injection via the ‘fvexportdata’ parameter in all versions up to, and including, 1.4.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2024-5325
The Form Vibes plugin for WordPress is vulnerable to SQL Injection via the ‘fvexportdata’ parameter in all versions up to, and including, 1.4.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...