PT-2022-12991 · WordPress · Visual Form Builder
Vishnupriya Ilango
·
Published
2022-04-12
·
Updated
2022-06-13
·
CVE-2022-0141
CVSS v3.1
8.1
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Visual Form Builder WordPress plugin versions prior to 3.0.8
Description
The issue allows attackers to make a logged in admin or editor delete and restore arbitrary form entries via CSRF attacks due to the lack of nonce checks.
Recommendations
For versions prior to 3.0.8, update to version 3.0.8 or later to resolve the issue. As a temporary workaround, consider implementing additional CSRF protection measures to minimize the risk of exploitation.
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Visual Form Builder