exploitDog

CVE-2022-0140

Опубликовано: 12 апр. 2022

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

The Visual Form Builder WordPress plugin before 3.0.6 does not perform access control on entry form export, allowing unauthenticated users to see the form entries or export it as a CSV File using the vfb-export endpoint.

Ссылки

https://wpscan.com/vulnerability/9fa2b3b6-2fe3-40f0-8f71-371dd58fe336
Exploit
Third Party Advisory
https://www.fortiguard.com/zeroday/FG-VD-21-082
Third Party Advisory
https://wpscan.com/vulnerability/9fa2b3b6-2fe3-40f0-8f71-371dd58fe336
Exploit
Third Party Advisory
https://www.fortiguard.com/zeroday/FG-VD-21-082
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:vfbpro:visual_form_builder:*:*:*:*:*:wordpress:*:*

Версия до 3.0.6 (исключая)

EPSS

Процентиль: 93%

0.09629

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-306

Связанные уязвимости

GHSA-rmwm-c9cm-59pw

CVSS3: 5.3

github

почти 4 года назад

The Visual Form Builder WordPress plugin before 3.0.6 does not perform access control on entry form export, allowing unauthenticated users to see the form entries or export it as a CSV File using the vfb-export endpoint.

EPSS

Процентиль: 93%

0.09629

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-306

Уязвимость CVE-2022-0140