CVE-2022-0140

Published: Apr 12, 2022Modified: Jun 17, 2026

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

The Visual Form Builder WordPress plugin before 3.0.6 does not perform access control on entry form export, allowing unauthenticated users to see the form entries or export it as a CSV File using the vfb-export endpoint.

Affected (1)

Products: Vfbpro: Visual Form Builder

Vfbpro

1 product

Visual Form Builder

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Vfbpro Visual Form Builder	Before 3.0.6

Related CWEs

CWE-306

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (4)

https://wpscan.com/vulnerability/9fa2b3b6-2fe3-40f0-8f71-371dd58fe336

Source: contact@wpscan.com

ExploitThird Party Advisory

https://www.fortiguard.com/zeroday/FG-VD-21-082

Source: contact@wpscan.com

Third Party Advisory

https://wpscan.com/vulnerability/9fa2b3b6-2fe3-40f0-8f71-371dd58fe336

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.fortiguard.com/zeroday/FG-VD-21-082

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.