First published: Tue Apr 12 2022
The Visual Form Builder WordPress plugin before 3.0.8 does not enforce nonce checks, which could allow attackers to make a logged-in admin or editor delete and restore arbitrary form entries via CSRF attacks.
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
Vfbpro Visual Form Builder | <3.0.6 |
The severity of CVE-2022-0141 is high with a severity value of 8.1.
The vulnerability in the Visual Form Builder WordPress plugin is the lack of enforcement of nonce checks.
An attacker can exploit CVE-2022-0141 by performing CSRF attacks to make a logged-in admin or editor delete and restore arbitrary form entries.
Versions up to and excluding 3.0.6 of the Visual Form Builder plugin are affected by CVE-2022-0141.
References for CVE-2022-0141 are available at the following URLs: [Reference 1](https://wpscan.com/vulnerability/2adc8390-bb19-4adf-9805-e9c462d14d22), [Reference 2](https://www.fortiguard.com/zeroday/FG-VD-21-081).
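The missing control described above, shown as an added example of a WordPress admin handler that enforces a nonce on entry delete and restore actions. This is not the Visual Form Builder plugin's code: the `myforms_*` names, the `myforms_entry` post type, the query parameters and the capability are assumptions for illustration.

```php
<?php
// Hypothetical plugin code (assumed names; entries assumed to be stored as posts).

// Build the action link with a nonce bound to the action AND the entry ID,
// so a token issued for one entry cannot be replayed against another.
function myforms_entry_action_url( $action, $entry_id ) {
    $url = add_query_arg(
        array(
            'page'   => 'myforms-entries',
            'action' => $action,
            'entry'  => (int) $entry_id,
        ),
        admin_url( 'admin.php' )
    );
    return wp_nonce_url( $url, "myforms_{$action}_entry_{$entry_id}" );
}

function myforms_handle_entry_action() {
    if ( ! isset( $_GET['page'], $_GET['action'], $_GET['entry'] )
        || 'myforms-entries' !== $_GET['page'] ) {
        return;
    }
    $action   = sanitize_key( wp_unslash( $_GET['action'] ) );
    $entry_id = absint( $_GET['entry'] );
    if ( ! in_array( $action, array( 'trash', 'restore' ), true )
        || 'myforms_entry' !== get_post_type( $entry_id ) ) {
        return;
    }
    // Capability check: necessary, but it does not stop CSRF on its own,
    // because a forged request is sent with the admin's or editor's session.
    if ( ! current_user_can( 'edit_others_posts' ) ) {
        wp_die( 'Not allowed.', 'Forbidden', array( 'response' => 403 ) );
    }
    // Nonce check: dies unless _wpnonce matches this user, action and entry.
    // A handler without this line accepts cross-site requests.
    check_admin_referer( "myforms_{$action}_entry_{$entry_id}" );

    if ( 'trash' === $action ) {
        wp_trash_post( $entry_id );
    } else {
        wp_untrash_post( $entry_id );
    }
    wp_safe_redirect( admin_url( 'admin.php?page=myforms-entries' ) );
    exit;
}
add_action( 'admin_init', 'myforms_handle_entry_action' );
```

When reviewing a plugin for this class of bug, look for state-changing `admin_init` or `admin_post_*` handlers that call `current_user_can()` but never `check_admin_referer()` or `wp_verify_nonce()`.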