The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the fv_export_csv, reset_settings, save_settings, save_columns_settings, get_analytics_data, get_event_logs_data, delete_submissions, and get_submissions functions in all versions up to, and including, 1.4.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform multiple unauthorized actions. NOTE: This vulnerability is partially fixed in version 1.4.12.
Metrics
Affected Vendors & Products
References
History
Thu, 05 Sep 2024 21:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 05 Sep 2024 08:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the fv_export_csv, reset_settings, save_settings, save_columns_settings, get_analytics_data, get_event_logs_data, delete_submissions, and get_submissions functions in all versions up to, and including, 1.4.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform multiple unauthorized actions. NOTE: This vulnerability is partially fixed in version 1.4.12. | |
Title | Form Vibes – Database Manager for Forms <= 1.4.12 - Missing Authorization in Multiple Functions | |
Weaknesses | CWE-862 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-09-05T08:30:08.774Z
Updated: 2024-09-05T20:20:29.581Z
Reserved: 2024-05-23T23:09:47.701Z
Link: CVE-2024-5309
Vulnrichment
Updated: 2024-09-05T20:20:23.663Z
NVD
Status : Awaiting Analysis
Published: 2024-09-05T09:15:04.253
Modified: 2024-09-05T12:53:21.110
Link: CVE-2024-5309
Redhat
No data.