CVE-2022-34867

HIGH

WP Libre Form < 2.0.8 - Information Disclosure

Title source: rule

Description

Unauthenticated Sensitive Information Disclosure vulnerability in WP Libre Form 2 plugin <= 2.0.8 at WordPress allows attackers to list and delete submissions. Affects only versions from 2.0.0 to 2.0.8.

References (2)

[Patch, Third Party Advisory] https://github.com/libreform/libreform/pull/54/files

[Third Party Advisory] https://patchstack.com/database/vulnerability/libreform/wordpress-wp-libre-form-2-plugin-2-0-8-unauthenticated-sensitive-information-disclosure-vulnerability

Scores

CVSS v3 7.3

EPSS 0.0066

EPSS Percentile 70.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Classification

CWE

CWE-200 CWE-668

Status published

Affected Products (2)

wp_libre_form_project/wp_libre_form < 2.0.8

libreform/libreform < 2.0.9Packagist

Timeline

Published Sep 06, 2022

Tracked Since Feb 18, 2026