CVE-2022-0140

Summary

The Visual Form Builder WordPress plugin before 3.0.6 does not perform access control on entry form export, allowing unauthenticated users to see the form entries or export it as a CSV File using the vfb-export endpoint.

Affected Software

VendorProductVersion RangeStatus
UnknownVisual Form Builder0 < 3.0.6affected

Weaknesses

  • CWE-306 Missing Authentication for Critical Function

ADP Enrichment

CVE Program Container

Additional References

References