CVE-2022-0141

Severity: 8.1 HIGH
EPSS: 0.1% (top 74.78%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 12; latest update Jan 10

Description

The Visual Form Builder WordPress plugin before 3.0.8 does not enforce nonce checks, which could allow attackers to make a logged-in admin or editor delete and restore arbitrary form entries via CSRF attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Exploitability: 2.8 | Impact: 5.2

Affected Packages (2 packages)

CVEListV5 | unknown/visual_form_builder | 3.0.8 | 3.0.8

🔴 Vulnerability Details (2)

GHSA | GHSA-35m9-hm95-j6w7: The Visual Form Builder WordPress plugin before 3 | 2022-04-13
CVEList | Visual Form Builder < 3.0.8 - Entries Deletion/Restoration via CSRF | 2022-04-12

📋 Vendor Advisories (1)

Chrome | Stable Channel Update for Desktop: CVE-2023-0141 | 2023-01-10