CVE-2024-5325
📋 TL;DR
The Form Vibes WordPress plugin has a SQL injection vulnerability that allows authenticated attackers with Subscriber-level access or higher to execute arbitrary SQL queries. This can lead to extraction of sensitive data from the database, including user credentials, form submissions, and other WordPress site data. All WordPress sites using Form Vibes version 1.4.10 or earlier are affected.
💻 Affected Systems
- WordPress Form Vibes plugin
📦 What is this software?
Form Vibes by Wpvibes
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise leading to credential theft, data exfiltration, privilege escalation, and potential site takeover.
Likely Case
Extraction of sensitive form data, user information, and potentially WordPress authentication credentials.
If Mitigated
Limited impact if proper input validation and parameterized queries are implemented, restricting unauthorized database access.
🎯 Exploit Status
Exploitation requires authenticated access but is technically simple once authentication is obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.4.11 or later
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3115288/form-vibes/trunk/inc/classes/query.php
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find Form Vibes and click 'Update Now'.
4. Alternatively, download version 1.4.11+ from WordPress.org and replace the plugin files.
🔧 Temporary Workarounds
Disable vulnerable endpoint
Remove or restrict access to the vulnerable fv_export_data functionality
Add to theme's functions.php: remove_action('wp_ajax_fv_export_data', 'fv_export_data_callback');
Restrict user roles
Temporarily limit Subscriber and higher role access to plugin functionality
Use WordPress role management plugins to restrict capabilities
🧯 If You Can't Patch
- Disable the Form Vibes plugin entirely until patched
- Implement web application firewall rules to block SQL injection patterns targeting the fv_export_data parameter
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Form Vibes → Version. If version is 1.4.10 or earlier, you are vulnerable.
Check Version:
wp plugin list --name=form-vibes --field=version (if WP-CLI installed)
Verify Fix Applied:
Verify Form Vibes version is 1.4.11 or later in WordPress admin panel.
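Version strings compare badly as plain text ("1.4.9" sorts after "1.4.11"), so a fleet-wide check should compare numerically. The following is an added example, not code from the advisory or from the plugin vendor: it parses the JSON that `wp plugin list --format=json` emits (the `name`/`status`/`version` field names are assumed from WP-CLI's documented output; the sample document below is constructed) and reports whether the installed Form Vibes build is below the 1.4.11 patch level.

```python
import json

PATCHED_VERSION = "1.4.11"   # first fixed release, per the advisory
PLUGIN_SLUG = "form-vibes"   # WordPress.org slug of the plugin

# Constructed sample of `wp plugin list --format=json` output (assumed field names).
SAMPLE_WP_CLI_JSON = """
[
  {"name": "akismet",    "status": "active",   "update": "none",      "version": "5.3"},
  {"name": "form-vibes", "status": "active",   "update": "available", "version": "1.4.9"},
  {"name": "hello",      "status": "inactive", "update": "none",      "version": "1.7.2"}
]
"""


def parse_version(version):
    """Turn '1.4.10' into (1, 4, 10); non-numeric suffixes like '-beta' are ignored."""
    parts = []
    for piece in version.strip().split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def is_vulnerable(installed, fixed=PATCHED_VERSION):
    """True when the installed version is numerically below the first fixed version."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))   # pad so '1.5' compares as (1, 5, 0)
    b += (0,) * (width - len(b))
    return a < b


def check_plugin_list(wp_cli_json, slug=PLUGIN_SLUG, fixed=PATCHED_VERSION):
    """Find the plugin in WP-CLI's JSON list and report its patch status."""
    for plugin in json.loads(wp_cli_json):
        if plugin.get("name") == slug:
            version = plugin.get("version", "0")
            return {
                "installed": True,
                "status": plugin.get("status"),
                "version": version,
                "vulnerable": is_vulnerable(version, fixed),
            }
    return {"installed": False, "status": None, "version": None, "vulnerable": False}


if __name__ == "__main__":
    # Typical use: wp plugin list --format=json | python check_form_vibes.py
    import sys
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_WP_CLI_JSON
    print(json.dumps(check_plugin_list(data), indent=2))
```

Note that an inactive plugin still carries the vulnerable code on disk; the `status` field is reported so you can decide whether "inactive" is an acceptable interim state or whether the files should be removed.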
📡 Detection & Monitoring
Log Indicators:
- Unusual database queries from WordPress users
- Multiple export requests from single user
- SQL error messages in logs
Network Indicators:
- POST requests to /wp-admin/admin-ajax.php with fv_export_data parameter containing SQL syntax
SIEM Query:
source="wordpress.log" AND "fv_export_data" AND ("UNION" OR "SELECT" OR "FROM" OR "WHERE")
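The network indicator above depends on seeing the POST body, which a standard web-server access log does not record; you need an application-level request log, a WAF audit log, or similar. As an added example (not from the advisory or the plugin), the script below reads constructed JSON-lines request records, URL-decodes the form body, and implements both indicators: SQL keywords inside fv_export_data parameters (the same keyword list as the SIEM query) and an unusual number of export requests from one user. Record field names (`ts`, `user`, `method`, `path`, `body`) are assumptions about the log format.

```python
import json
import re
from collections import Counter
from urllib.parse import parse_qs

# Keywords from the advisory's SIEM query; word boundaries avoid matching inside words.
SQL_KEYWORDS = re.compile(r"\b(UNION|SELECT|FROM|WHERE)\b", re.IGNORECASE)

# Constructed sample log: one JSON object per request, bodies still URL-encoded.
SAMPLE_LOG = r"""
{"ts": "2024-06-01T10:00:01Z", "user": "alice", "method": "POST", "path": "/wp-admin/admin-ajax.php", "body": "action=fv_export_data&form_id=3"}
{"ts": "2024-06-01T10:00:05Z", "user": "bob",   "method": "POST", "path": "/wp-admin/admin-ajax.php", "body": "action=fv_export_data&form_id=3%20UNION%20SELECT%201%2C2%2C3"}
{"ts": "2024-06-01T10:00:06Z", "user": "bob",   "method": "POST", "path": "/wp-admin/admin-ajax.php", "body": "action=fv_export_data&form_id=4"}
{"ts": "2024-06-01T10:00:07Z", "user": "bob",   "method": "POST", "path": "/wp-admin/admin-ajax.php", "body": "action=fv_export_data&form_id=5"}
{"ts": "2024-06-01T10:00:08Z", "user": "bob",   "method": "POST", "path": "/wp-admin/admin-ajax.php", "body": "action=fv_export_data&form_id=6"}
{"ts": "2024-06-01T10:00:09Z", "user": "carol", "method": "POST", "path": "/wp-admin/admin-ajax.php", "body": "action=heartbeat"}
{"ts": "2024-06-01T10:00:10Z", "user": "dave",  "method": "GET",  "path": "/wp-login.php", "body": ""}
{"ts": "2024-06-01T10:00:11Z", "user": "alice", "method": "POST", "path": "/wp-admin/admin-ajax.php", "body": "action=fv_export_data&form_id=7&filename=from%20contact%20form"}
"""


def parse_records(text):
    """Parse JSON-lines text into a list of request records, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def sql_keywords_in(body):
    """Return the distinct SQL keywords found in the decoded values of a form body."""
    found = set()
    for key, values in parse_qs(body, keep_blank_values=True).items():
        if key == "action":          # the action name itself is not user-controlled data
            continue
        for value in values:
            found.update(m.upper() for m in SQL_KEYWORDS.findall(value))
    return sorted(found)


def analyse(records, min_keywords=2, max_exports_per_user=3):
    """Flag fv_export_data requests carrying SQL syntax and users exporting unusually often.

    min_keywords=1 reproduces the SIEM query's OR logic exactly; the default of 2
    suppresses single-word hits such as an ordinary 'from' in free text.
    """
    findings = []
    exports = Counter()
    for rec in records:
        if rec.get("method") != "POST" or not rec.get("path", "").endswith("/wp-admin/admin-ajax.php"):
            continue
        body = rec.get("body", "")
        if parse_qs(body, keep_blank_values=True).get("action") != ["fv_export_data"]:
            continue
        user = rec.get("user", "?")
        exports[user] += 1
        keywords = sql_keywords_in(body)
        if len(keywords) >= min_keywords:
            findings.append({"type": "sql_syntax", "user": user, "ts": rec.get("ts"), "keywords": keywords})
    for user, count in exports.items():
        if count > max_exports_per_user:
            findings.append({"type": "export_volume", "user": user, "count": count})
    return findings


if __name__ == "__main__":
    for finding in analyse(parse_records(SAMPLE_LOG)):
        print(json.dumps(finding))
```

Tune `max_exports_per_user` to the site's real export rate before alerting on it, and keep the per-user keyword findings alongside the volume findings: the single request with `UNION SELECT` is the higher-fidelity signal, while the volume indicator catches slower enumeration that never trips the keyword match.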
🔗 References
- https://plugins.trac.wordpress.org/changeset/3115288/form-vibes/trunk/inc/classes/query.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/a3311097-d477-441e-9bf3-3f991a9b6af9?source=cve