5.3
CVE-2022-0140
- EPSS 3.77%
- Veröffentlicht 12.04.2022 12:15:08
- Zuletzt bearbeitet 21.11.2024 06:37:59
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginVisual Form Builder < 3.0.6 - Unauthenticated Information Disclosure
Visual Form Builder <= 3.0.5 - Unauthenticated Information Disclosure
The Visual Form Builder WordPress plugin before 3.0.6 does not perform access control on entry form export, allowing unauthenticated users to see the form entries or export it as a CSV File using the vfb-export endpoint.
Mögliche Gegenmaßnahme
Visual Form Builder: Update to version 3.0.6, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Vfbpro ≫ Visual Form Builder SwPlatformwordpress Version < 3.0.6
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Visual Form Builder
Version
[*, 3.0.6)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.77% | 0.885 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
https://wpscan.com/vulnerability/9fa2b3b6-2fe3-40f0-8f71-371dd58fe336
https://www.fortiguard.com/zeroday/FG-VD-21-082
https://www.wordfence.com/threat-intel/vulnerabilities/id/4fe81113-6ed1-48f2-a6d0-db4c19f6df10