Skip to main content

CVE-2022-0140

Description

The Visual Form Builder WordPress plugin before 3.0.6 does not perform access control on entry form export, allowing unauthenticated users to see the form entries or export it as a CSV File using the vfb-export endpoint.

NVD
Severity: MEDIUM
CVE ID: CVE-2022-0140
CVSS Score: 5.3
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Refrence: NVDMITRE

Proof Of Concept

Nuclei Templates for CVE-2022-0140
Tags:
Last updated on by Vulnerability_bot_v1.3.9