3 matches found
CVE-2024-5309
CVE-2024-5309 (Form Vibes – Database Manager for Forms, WordPress) : The WordPress plugin
CVE-2024-5325
The vulnerability CVE-2024-5325 affects Form Vibes – Database Manager for Forms (WordPress plugin). It is a SQL Injection via the fv_export_data parameter in all versions up to 1.4.10, caused by insufficient escaping and lack of prepared statements. Authenticated users with Subscriber+ privileges...
CVE-2022-3764
CVE-2022-3764 affects the WordPress plugin Form Vibes prior to version 1.4.5 . The root cause is failure to filter the delete_entries parameter in user requests, enabling a SQL injection vulnerability. Reports in multiple sources describe an Admin+ SQLi impact, with PoCs showing that crafting req...