{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-01T15:19:05.546","vulnerabilities":[{"cve":{"id":"CVE-2025-24672","sourceIdentifier":"audit@patchstack.com","published":"2025-01-24T18:15:40.890","lastModified":"2026-04-23T15:25:15.573","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in codepeople Form Builder CP cp-easy-form-builder allows SQL Injection.This issue affects Form Builder CP: from n/a through <= 1.2.41."},{"lang":"es","value":"La vulnerabilidad de neutralización inadecuada de elementos especiales utilizados en un comando SQL ('Inyección SQL') en CodePeople Form Builder CP permite la inyección SQL. Este problema afecta al módulo de control de Form Builder desde la versión n/a hasta la versión 1.2.41."}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.1,"impactScore":4.7}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/cp-easy-form-builder/vulnerability/wordpress-form-builder-cp-plugin-1-2-41-sql-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}}]}