Stored Cross-Site Scripting Vulnerability in Form Vibes Database Manager for Forms Plugin
CVE-2026-13378
7.2HIGH
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 11 July 2026
What is CVE-2026-13378?
The Form Vibes β Database Manager for Forms plugin for WordPress has a vulnerability that allows for stored cross-site scripting (XSS). This arises from inadequate input sanitization and output escaping within the plugin, specifically concerning the Contact Form 7 form field. Attackers can exploit this vulnerability to inject malicious web scripts, which will execute automatically when a user visits an affected web page. This poses significant risks for WordPress users, as it could lead to unauthorized actions and exposure of sensitive data.
Affected Version(s)
Form Vibes β Save Contact Form 7 & Elementor Form Entries to Database 0 <= 1.5.2