SQL Injection Vulnerability in Form Vibes Plugin for WordPress
CVE-2024-5325
8.8HIGH
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 12 July 2024
What is CVE-2024-5325?
The Form Vibes plugin for WordPress poses a significant security risk due to a vulnerability that allows SQL Injection through the ‘fv_export_data’ parameter. This issue arises from inadequate escaping of user-supplied input and insufficient preparation of the SQL query. Authenticated users with Subscriber-level access or higher can exploit this vulnerability, enabling them to insert malicious SQL statements into existing queries. Such exploitation can lead to the extraction of sensitive information from the database, compromising user data and potentially leading to further attacks.
Affected Version(s)
Form Vibes – Database Manager for Forms * <= 1.4.10