Refine your search
3 vulnerabilities found for VibeBP by VibeThemes
CVE-2024-56040 (GCVE-0-2024-56040)
Vulnerability from cvelistv5
Published
2024-12-31 13:15
Modified
2026-04-01 15:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-266 - Incorrect Privilege Assignment
Summary
Incorrect Privilege Assignment vulnerability in VibeThemes VibeBP vibebp allows Privilege Escalation.This issue affects VibeBP: from n/a through <= 1.9.9.4.1.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| VibeThemes | VibeBP |
Version: 0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-56040",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-31T15:05:47.424926Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-31T15:05:55.231Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "vibebp",
"product": "VibeBP",
"vendor": "VibeThemes",
"versions": [
{
"changes": [
{
"at": "1.9.9.5",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.9.9.4.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rafie Muhammad | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:30:58.749Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect Privilege Assignment vulnerability in VibeThemes VibeBP vibebp allows Privilege Escalation.\u003cp\u003eThis issue affects VibeBP: from n/a through \u003c= 1.9.9.4.1.\u003c/p\u003e"
}
],
"value": "Incorrect Privilege Assignment vulnerability in VibeThemes VibeBP vibebp allows Privilege Escalation.This issue affects VibeBP: from n/a through \u003c= 1.9.9.4.1."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "Privilege Escalation"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T15:40:24.068Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/vibebp/vulnerability/wordpress-vibebp-plugin-1-9-9-4-1-unauthenticated-privilege-escalation-vulnerability?_s_id=cve"
}
],
"title": "WordPress VibeBP plugin \u003c= 1.9.9.4.1 - Unauthenticated Privilege Escalation vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-56040",
"datePublished": "2024-12-31T13:15:11.807Z",
"dateReserved": "2024-12-14T19:42:50.708Z",
"dateUpdated": "2026-04-01T15:40:24.068Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-56041 (GCVE-0-2024-56041)
Vulnerability from cvelistv5
Published
2024-12-31 12:57
Modified
2026-04-01 15:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes VibeBP vibebp allows SQL Injection.This issue affects VibeBP: from n/a through < 1.9.9.5.1.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| VibeThemes | VibeBP |
Version: 0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-56041",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-31T15:08:46.725125Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-31T15:08:58.362Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "vibebp",
"product": "VibeBP",
"vendor": "VibeThemes",
"versions": [
{
"changes": [
{
"at": "1.9.9.5.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.9.9.5.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rafie Muhammad | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:30:57.654Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in VibeThemes VibeBP vibebp allows SQL Injection.\u003cp\u003eThis issue affects VibeBP: from n/a through \u003c 1.9.9.5.1.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in VibeThemes VibeBP vibebp allows SQL Injection.This issue affects VibeBP: from n/a through \u003c 1.9.9.5.1."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "SQL Injection"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T15:40:24.230Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/vibebp/vulnerability/wordpress-vibebp-plugin-1-9-9-5-1-sql-injection-vulnerability?_s_id=cve"
}
],
"title": "WordPress VibeBP plugin \u003c 1.9.9.5.1 - SQL Injection vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-56041",
"datePublished": "2024-12-31T12:57:11.222Z",
"dateReserved": "2024-12-14T19:42:50.708Z",
"dateUpdated": "2026-04-01T15:40:24.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-56039 (GCVE-0-2024-56039)
Vulnerability from cvelistv5
Published
2024-12-31 12:55
Modified
2026-04-01 15:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes VibeBP vibebp allows SQL Injection.This issue affects VibeBP: from n/a through < 1.9.9.7.7.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| VibeThemes | VibeBP |
Version: 0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-56039",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-31T16:12:36.230348Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-31T16:12:43.242Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "vibebp",
"product": "VibeBP",
"vendor": "VibeThemes",
"versions": [
{
"changes": [
{
"at": "1.9.9.7.7",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.9.9.7.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rafie Muhammad | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:30:59.223Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in VibeThemes VibeBP vibebp allows SQL Injection.\u003cp\u003eThis issue affects VibeBP: from n/a through \u003c 1.9.9.7.7.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in VibeThemes VibeBP vibebp allows SQL Injection.This issue affects VibeBP: from n/a through \u003c 1.9.9.7.7."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "SQL Injection"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T15:40:23.922Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/vibebp/vulnerability/wordpress-vibebp-plugin-1-9-9-7-7-unauthenticated-sql-injection-vulnerability?_s_id=cve"
}
],
"title": "WordPress VibeBP plugin \u003c 1.9.9.7.7 - Unauthenticated SQL Injection vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-56039",
"datePublished": "2024-12-31T12:55:10.616Z",
"dateReserved": "2024-12-14T19:42:50.707Z",
"dateUpdated": "2026-04-01T15:40:23.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}