CVE-2022-0141
Published 2022-04-12
Priority P432 · high · 8.1 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:R / S:U / C:N / I:H / A:H
EPSS: 0.45% (36.1th percentile)
The Visual Form Builder WordPress plugin before 3.0.8 does not enforce nonce checks, which could allow attackers to make a logged-in admin or editor delete and restore arbitrary form entries via CSRF attacks.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chrome_chrome | — | — | |
| vfbpro | visual_form_builder | < 3.0.6 | 3.0.6 |
CVSS provenance
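| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H |
| nvd | v2.0 | 5.8 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:P |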
GHSA
GHSA-35m9-hm95-j6w7: The Visual Form Builder WordPress plugin before 3
ghsa_unreviewed·2022-04-13
CVE-2022-0141 [HIGH] CWE-352 GHSA-35m9-hm95-j6w7: The Visual Form Builder WordPress plugin before 3
The Visual Form Builder WordPress plugin before 3.0.8 does not enforce nonce checks, which could allow attackers to make a logged-in admin or editor delete and restore arbitrary form entries via CSRF attacks.
Chrome
Stable Channel Update for Desktop: CVE-2023-0141
vendor_chrome·2023-01-10·CVSS 4.3
CVE-2023-0141 [LOW] Stable Channel Update for Desktop: CVE-2023-0141
Stable Channel Update for Desktop
CVE-2023-0141: Insufficient policy enforcement in CORS. Reported by scarlet on 2022-09-12. We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.
Severity: low
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-04-12