exploitDog

CVE-2022-0141

Опубликовано: 12 апр. 2022

Источник: nvd

CVSS3: 8.1

CVSS2: 5.8

EPSS Низкий

Описание

The Visual Form Builder WordPress plugin before 3.0.8 does not enforce nonce checks which could allow attackers to make a logged in admin or editor delete and restore arbitrary form entries via CSRF attacks

Ссылки

https://wpscan.com/vulnerability/2adc8390-bb19-4adf-9805-e9c462d14d22
Third Party Advisory
https://www.fortiguard.com/zeroday/FG-VD-21-081
https://wpscan.com/vulnerability/2adc8390-bb19-4adf-9805-e9c462d14d22
Third Party Advisory
https://www.fortiguard.com/zeroday/FG-VD-21-081

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:vfbpro:visual_form_builder:*:*:*:*:*:wordpress:*:*

Версия до 3.0.6 (исключая)

EPSS

Процентиль: 25%

0.00089

Низкий

8.1 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-35m9-hm95-j6w7

CVSS3: 8.1

github

почти 4 года назад

The Visual Form Builder WordPress plugin before 3.0.8 does not enforce nonce checks which could allow attackers to make a logged in admin or editor delete and restore arbitrary form entries via CSRF attacks

EPSS

Процентиль: 25%

0.00089

Низкий

8.1 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-352