CVE-2022-0140

MEDIUM NUCLEI

Visual Form Builder <3.0.6 - Info Disclosure

Title source: llm

Description

The Visual Form Builder WordPress plugin before 3.0.6 does not perform access control on entry form export, allowing unauthenticated users to see the form entries or export it as a CSV File using the vfb-export endpoint.

Nuclei Templates (1)

WordPress Visual Form Builder <3.0.8 - Information Disclosure

MEDIUMby random-robbie

References (2)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/9fa2b3b6-2fe3-40f0-8f71-371dd58fe336

[Third Party Advisory] https://www.fortiguard.com/zeroday/FG-VD-21-082

Scores

CVSS v3 5.3

EPSS 0.1219

EPSS Percentile 93.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-306

Status published

Products (1)

vfbpro/visual_form_builder < 3.0.6

Published Apr 12, 2022

Tracked Since Feb 18, 2026