The Visual Form Builder WordPress plugin before 3.0.6 does not perform access control on entry form export, allowing unauthenticated users to see the form entries or export it as a CSV File using the vfb-export endpoint..
| Info | Details |
|---|---|
| CVE ID | CVE-2022-0140 |
| CVE State | PUBLISHED |
| BaseScore | NA |
| BaseSeverity | NA |
| VectorString | NA |
| Version | NA |
References for CVE-2022-0140 :
https://wpscan.com/vulnerability/9fa2b3b6-2fe3-40f0-8f71-371dd58fe336
https://www.fortiguard.com/zeroday/FG-VD-21-082
| Metric Type | Metric Score |
|---|---|
| AttackVector(AV) | NA |
| AttackComplexity(AC) | NA |
| PrivilegesRequired(PR) | NA |
| UserInteraction(UI) | NA |
| Scope(S) | NA |
| Confidentiality(C) | NA |
| Availability(A) | NA |
| Integrity(I) | NA |