Contact Us

We’re Ready, Let’s Talk.

{"error":0,"message":null,"data":{"name":"Form Vibes – Database Manager for Forms","plugin":"form-vibes","link":"https:\/\/wordpress.org\/plugins\/form-vibes\/","latest":"1725517980","closed":0,"vulnerability":[{"uuid":"f68aedcb7fc564cf637b77d9dcba7e4ca5c389b089e21b1303f2bcad2a2af44c","name":"Form Vibes – Database Manager for Forms [form-vibes] < 1.4.3","description":null,"operator":{"min_version":null,"min_operator":null,"max_version":"1.4.3","max_operator":"lt","unfixed":"0","closed":"0"},"source":[{"id":"4a48804bae01b443ed063f4682c7359c9207a0ba","name":"WordPress Form Vibes \u2013 Database Manager for Forms plugin < 1.4.3 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability","link":"https:\/\/patchstack.com\/database\/wordpress\/plugin\/form-vibes\/vulnerability\/wordpress-form-vibes-database-manager-for-forms-plugin-143-toggle-the-debug-mode-via-cross-site-request-forgery-csrf-vulnerability","description":"Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Form Vibes \u2013 Database Manager for Forms plugin (versions < 1.4.3).","date":"2022-02-28"}],"impact":[]},{"uuid":"c72ea48fedf9b3a37e68acb9f849299c9a8b7c762108c5d133669f68b1b4d241","name":"Form Vibes – Database Manager for Forms [form-vibes] < 1.4.3","description":null,"operator":{"min_version":null,"min_operator":null,"max_version":"1.4.3","max_operator":"lt","unfixed":"0","closed":"0"},"source":[{"id":"b9c93461cae329cca7a2f267e2368d093fb06384","name":"WordPress Form Vibes \u2013 Database Manager for Forms plugin < 1.4.3 - Sensitive Information Disclosure vulnerability","link":"https:\/\/patchstack.com\/database\/wordpress\/plugin\/form-vibes\/vulnerability\/wordpress-form-vibes-database-manager-for-forms-plugin-143-sensitive-information-disclosure-vulnerability","description":"Sensitive Information Disclosure vulnerability discovered in WordPress Form Vibes \u2013 Database Manager for Forms plugin (versions < 
1.4.3).","date":"2022-02-28"}],"impact":[]},{"uuid":"1e7df137fd36f34c7ed736dd86007217c748dc68c64c858e8f34d37fec3a6790","name":"Form Vibes – Database Manager for Forms [form-vibes] < 1.4.6","description":null,"operator":{"min_version":null,"min_operator":null,"max_version":"1.4.6","max_operator":"lt","unfixed":"0","closed":"0"},"source":[{"id":"CVE-2022-3764","name":"CVE-2022-3764","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2022-3764","description":"[en] The plugin does not filter the \"delete_entries\" parameter from user requests, leading to an SQL Injection vulnerability.","date":"2024-01-16"},{"id":"c86a32ade102b16bbbc146610249f5f5ce60273a","name":"Form Vibes <= 1.4.5 - Authenticated (Admininstrator+) SQL Injection","link":"https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/wordpress-plugins\/form-vibes\/form-vibes-145-authenticated-admininstrator-sql-injection","description":"The Form Vibes plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.4.5 due to insufficient escaping on the user supplied parameter IDs and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level privileges or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database when deleting form entries.","date":"2022-11-08"},{"id":"9d49df6b-e2f1-4662-90d2-84c29c3b1cb0","name":"Form Vibes < 1.4.5 - Admin+ SQLi","link":"https:\/\/wpscan.com\/vulnerability\/9d49df6b-e2f1-4662-90d2-84c29c3b1cb0","description":"The "delete_entries" function does not filter parameters from the request. 
This leads to an SQL Injection vulnerability.","date":null}],"impact":{"cwe":[{"cwe":"CWE-89","name":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","description":"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data."}]}},{"uuid":"678a9e3e1fbe9db236b065d53e874f43f1235348b107a9212be239025bbc8967","name":"Form Vibes – Database Manager for Forms [form-vibes] < 1.4.3","description":null,"operator":{"min_version":null,"min_operator":null,"max_version":"1.4.3","max_operator":"lt","unfixed":"0","closed":"0"},"source":[{"id":"6d8910c719b2a132ec93828cd37e418b19cac960","name":"Freemius SDK <= 2.4.2 - Missing Authorization Checks","link":"https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/detail\/freemius-sdk-242-missing-authorization-checks","description":"The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. 
Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.","date":"2022-03-04"}],"impact":[]},{"uuid":"ed2a90a57dc1671545a16bd6942d5c7e773b6c249a99dbcd49a0b03a5c0adf1f","name":"Form Vibes – Database Manager for Forms [form-vibes] < 1.4.9","description":null,"operator":{"min_version":null,"min_operator":null,"max_version":"1.4.9","max_operator":"lt","unfixed":"0","closed":"0"},"source":[{"id":"CVE-2023-33999","name":"CVE-2023-33999","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2023-33999","description":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","date":null},{"id":"181e5e2c979abfce3e25a6c6111faa85277ef2ee","name":"WordPress Form Vibes \u2013 Database Manager for Forms Plugin <= 1.4.8 is vulnerable to Cross Site Scripting (XSS)","link":"https:\/\/patchstack.com\/database\/wordpress\/plugin\/form-vibes\/vulnerability\/wordpress-form-vibes-database-manager-for-forms-plugin-trunk-reflected-cross-site-scripting-xss-vulnerability","description":"Update the WordPress Form Vibes \u2013 Database Manager for Forms plugin to the latest available version (at least 1.4.9).\nRafie Muhammad (Patchstack) discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Form Vibes \u2013 Database Manager for Forms Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. 
This vulnerability has been fixed in version 1.4.9.","date":"2023-07-18"},{"id":"39d1f22f-ea34-4d94-9dc2-12661cf69d36","name":"Freemius SDK < 2.5.10 - Reflected Cross-Site Scripting","link":"https:\/\/wpscan.com\/vulnerability\/39d1f22f-ea34-4d94-9dc2-12661cf69d36","description":"The Freemius SDK for WordPress does not adequately sanitize inputs or escape outputs, leading to Reflected Cross-Site Scripting. This directly affects over 1000 plugins and themes that use this SDK.","date":null}],"impact":[]},{"uuid":"4246c513032401b6008ebfbce79de161763017783ca74e36fa705b6e5f9c7926","name":"Form Vibes – Database Manager for Forms [form-vibes] < 1.4.11","description":null,"operator":{"min_version":null,"min_operator":null,"max_version":"1.4.11","max_operator":"lt","unfixed":"0","closed":"0"},"source":[{"id":"CVE-2024-5325","name":"CVE-2024-5325","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2024-5325","description":"[en] The Form Vibes plugin for WordPress is vulnerable to SQL Injection via the \u2018fv_export_data\u2019 parameter in all versions up to, and including, 1.4.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. 
This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","date":"2024-07-12"},{"id":"54709224602a7e0a297e172d27f0352aee719cb0","name":"Form Vibes <= 1.4.10 - Authenticated (Subscriber+) SQL Injection via fv_export_data","link":"https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/wordpress-plugins\/form-vibes\/form-vibes-1410-authenticated-subscriber-sql-injection-via-fv-export-data","description":"The Form Vibes plugin for WordPress is vulnerable to SQL Injection via the \u2018fv_export_data\u2019 parameter in all versions up to, and including, 1.4.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","date":"2024-07-11"},{"id":"93480e56aee582b423be3f21f1507b69fb541bca","name":"WordPress Form Vibes \u2013 Database Manager for Forms Plugin <= 1.4.10 is vulnerable to SQL Injection","link":"https:\/\/patchstack.com\/database\/wordpress\/plugin\/form-vibes\/vulnerability\/wordpress-form-vibes-plugin-1-4-10-authenticated-subscriber-sql-injection-via-fv-export-data-vulnerability","description":"

WordPress Form Vibes \u2013 Database Manager for Forms Plugin <= 1.4.10 is vulnerable to SQL Injection

Software: Form Vibes \u2013 Database Manager for Forms

Link: https:\/\/wordpress.org\/plugins\/form-vibes\/#developers

Affected Version <= 1.4.10

Fixed in version 1.4.11 ","date":"2024-07-12"}],"impact":{"cvss":{"version":"3.1","vector":"CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H","av":"n","ac":"l","pr":"l","ui":"n","s":"u","c":"h","i":"h","a":"h","score":"8.8","severity":"h","exploitable":"0.0","impact":"0.0"},"cwe":[{"cwe":"CWE-89","name":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","description":"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data."}]}},{"uuid":"2122a618a7ea8edc508736c4b151d028890d1614d5139d8417fce3d827930818","name":"Form Vibes – Database Manager for Forms [form-vibes] < 1.4.13","description":null,"operator":{"min_version":null,"min_operator":null,"max_version":"1.4.13","max_operator":"lt","unfixed":"0","closed":"0"},"source":[{"id":"CVE-2024-5309","name":"CVE-2024-5309","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2024-5309","description":"[en] The Form Vibes \u2013 Database Manager for Forms plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the fv_export_csv, reset_settings, save_settings, save_columns_settings, get_analytics_data, get_event_logs_data, delete_submissions, and get_submissions functions in all versions up to, and including, 1.4.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform multiple unauthorized actions. 
NOTE: This vulnerability is partially fixed in version 1.4.12.","date":"2024-09-05"},{"id":"1e53c3e0edb4b13020f901118c426c542210fced","name":"Form Vibes \u2013 Database Manager for Forms <= 1.4.12 - Missing Authorization in Multiple Functions","link":"https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/wordpress-plugins\/form-vibes\/form-vibes-database-manager-for-forms-1412-missing-authorization-in-multiple-functions","description":"The Form Vibes \u2013 Database Manager for Forms plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the fv_export_csv, reset_settings, save_settings, save_columns_settings, get_analytics_data, get_event_logs_data, delete_submissions, and get_submissions functions in all versions up to, and including, 1.4.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform multiple unauthorized actions. NOTE: This vulnerability is partially fixed in version 1.4.12.","date":"2024-09-04"},{"id":"d43a8b959aed6a84bff66543c849579bb77ed5a4","name":"WordPress Form Vibes \u2013 Database Manager for Forms Plugin <= 1.4.12 is vulnerable to Broken Access Control","link":"https:\/\/patchstack.com\/database\/wordpress\/plugin\/form-vibes\/vulnerability\/wordpress-form-vibes-database-manager-for-forms-plugin-1-4-12-missing-authorization-in-multiple-functions-vulnerability","description":"

WordPress Form Vibes \u2013 Database Manager for Forms Plugin <= 1.4.12 is vulnerable to Broken Access Control

Affected Version <= 1.4.12","date":"2024-09-05"}],"impact":{"cvss":{"version":"3.1","vector":"CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:N","av":"n","ac":"l","pr":"l","ui":"n","s":"u","c":"l","i":"l","a":"n","score":"5.4","severity":"m","exploitable":"0.0","impact":"0.0"},"cwe":[{"cwe":"CWE-862","name":"Missing Authorization","description":"The product does not perform an authorization check when an actor attempts to access a resource or perform an action."}]}},{"uuid":"ad5a15c048bde538e67de3e7c68069acb084a99327c2ca9f18e6a40dcfecf945","name":"Form Vibes – Database Manager for Forms [form-vibes] < 1.4.3","description":null,"operator":{"min_version":null,"min_operator":null,"max_version":"1.4.3","max_operator":"lt","unfixed":"0","closed":"0"},"source":[{"id":"CVE-2022-4974","name":"CVE-2022-4974","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2022-4974","description":"[en] The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.","date":"2024-10-16"}],"impact":{"cvss":{"version":"3.1","vector":"CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","av":"n","ac":"l","pr":"l","ui":"n","s":"u","c":"l","i":"l","a":"l","score":"6.3","severity":"m","exploitable":"0.0","impact":"0.0"},"cwe":[{"cwe":"CWE-862","name":"Missing Authorization","description":"The product does not perform an authorization check when an actor attempts to access a resource or perform an action."}]}}]},"updated":"1750132258"}

Contact Info

Address

123 Fifth Avenue, NY 10160, New York, USA

Email Us

contact@example.com

Call Us

800-123-456
