PT-2024-35553 · WordPress · The Form Vibes – Database Manager For Forms

Peter Thaleikis · Published 2024-09-05 · Updated 2024-09-11 · CVE-2024-5309

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

The Form Vibes – Database Manager for Forms plugin for WordPress, versions up to and including 1.4.12.

Description

The issue allows unauthorized access and modification of data due to a missing capability check on several functions, including fv export csv, reset settings, save settings, save columns settings, get analytics data, get event logs data, delete submissions, and get submissions. This enables authenticated attackers with Subscriber-level access and above to perform multiple unauthorized actions.

Recommendations

For versions up to and including 1.4.12, update to a version that fully fixes the vulnerability, as version 1.4.12 only partially addresses the issue. As a temporary workaround, consider restricting access to the vulnerable functions until a fully patched version is available.
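As an added illustration, not code from the plugin or from this advisory, the following PHP shows the pattern behind a missing-capability-check bug in a WordPress AJAX handler, the hardened form a maintainer would ship, and the kind of site-level guard the "restrict access" workaround refers to. The hook name `fv_example_export_csv`, the table name, the capability `manage_options` and the nonce action are assumptions chosen for the example; the plugin's real hook names and capabilities are not given on this page.

```php
<?php
// Added example (not the plugin's code). All hook, table and nonce names
// below are assumptions for illustration only.

// --- Vulnerable pattern -------------------------------------------------
// wp_ajax_* hooks fire for every authenticated user, Subscriber included.
// The handler performs a privileged read without checking who is asking.
add_action( 'wp_ajax_fv_example_export_csv', 'fv_example_export_csv_vulnerable' );
function fv_example_export_csv_vulnerable() {
    global $wpdb;
    // Any logged-in user reaches this line: form submissions are disclosed.
    $rows = $wpdb->get_results(
        "SELECT * FROM {$wpdb->prefix}fv_example_submissions",
        ARRAY_A
    );
    header( 'Content-Type: text/csv' );
    $out = fopen( 'php://output', 'w' );
    foreach ( $rows as $row ) {
        fputcsv( $out, $row );
    }
    fclose( $out );
    wp_die();
}

// --- Hardened pattern ---------------------------------------------------
// Authorization (capability) and CSRF protection (nonce) are checked before
// any work is done, and the handler fails closed with HTTP 403.
add_action( 'wp_ajax_fv_example_export_csv_secure', 'fv_example_export_csv_secure' );
function fv_example_export_csv_secure() {
    // Nonce check: rejects forged cross-site requests. The action string and
    // the 'nonce' request parameter are assumptions.
    check_ajax_referer( 'fv_example_export_csv', 'nonce' );

    // Capability check: 'manage_options' is a placeholder; a plugin would
    // usually register a narrower custom capability for its own features.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    global $wpdb;
    $rows = $wpdb->get_results(
        "SELECT * FROM {$wpdb->prefix}fv_example_submissions",
        ARRAY_A
    );
    header( 'Content-Type: text/csv' );
    $out = fopen( 'php://output', 'w' );
    foreach ( $rows as $row ) {
        fputcsv( $out, $row );
    }
    fclose( $out );
    wp_die();
}

// --- Temporary site-level guard (workaround pattern) --------------------
// A site owner who cannot yet update can register an early-priority callback
// on the same AJAX action from a must-use plugin; it runs before the
// plugin's handler and stops the request for under-privileged users.
// The hook name here is again an assumption; a real guard would list the
// plugin's actual wp_ajax_* action names.
add_action( 'wp_ajax_fv_example_export_csv', 'fv_example_guard_privileged_ajax', 0 );
function fv_example_guard_privileged_ajax() {
    if ( ! current_user_can( 'manage_options' ) ) {
        // wp_send_json_error() calls wp_die(), so the vulnerable handler
        // registered at the default priority never executes.
        wp_send_json_error( array( 'message' => 'Forbidden.' ), 403 );
    }
}
```

The same two checks belong in every handler that mutates state (reset settings, save settings, delete submissions): a nonce alone does not establish authorization, and a capability check alone does not stop a cross-site request made with a logged-in victim's session.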

Fix

Weakness Enumeration

Missing Authorization

Related Identifiers

CVE-2024-5309

Affected Products

The Form Vibes – Database Manager For Forms