53 matches found
WordPress Visual Form Builder <3.0.8 - Information Disclosure
WordPress Visual Form Builder plugin before 3.0.8 contains a information disclosure vulnerability. The plugin does not perform access control on entry form export, allowing an unauthenticated user to export the form entries as CSV files using the vfb-export endpoint. id: CVE-2022-0140 info: name:...
CVE-2022-0142
The Visual Form Builder WordPress plugin before 3.0.8 is vulnerable to CSV injection allowing a user with low level or no privileges to inject a command that will be included in the exported CSV file, leading to possible code execution...
CVE-2022-0141
The Visual Form Builder WordPress plugin before 3.0.8 does not enforce nonce checks which could allow attackers to make a logged in admin or editor delete and restore arbitrary form entries via CSRF attacks...
VulnCheck KEV: CVE-2022-0142
The Visual Form Builder WordPress plugin before 3.0.8 is vulnerable to CSV injection allowing a user with low level or no privileges to inject a command that will be included in the exported CSV file, leading to possible code execution...
EUVD-2021-11426
Malware in sbrugna...
EUVD-2022-15354
Malicious code in bioql PyPI...
EUVD-2022-15353
Malicious code in bioql PyPI...
EUVD-2022-15355
Malicious code in bioql PyPI...
CVE-2022-1046
The Visual Form Builder WordPress plugin before 3.0.7 does not sanitise and escape the form's 'Email to' field , which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-24514
The Visual Form Builder WordPress plugin before 3.0.4 does not sanitise or escape its Form Name, allowing high privilege users such as admin to set Cross-Site Scripting payload in them, even when the unfilteredhtml capability is disallowed...
WordPress Visual Form Builder plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in versions of the WordPress Visual Form Builder plugin prior...
CVE-2022-1046
The Visual Form Builder WordPress plugin before 3.0.7 does not sanitise and escape the form's 'Email to' field , which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-1046
The Visual Form Builder WordPress plugin before 3.0.7 does not sanitise and escape the form's 'Email to' field , which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
Cross site scripting
The Visual Form Builder WordPress plugin before 3.0.7 does not sanitise and escape the form's 'Email to' field , which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-1046
The CVE-2022-1046 entry concerns the WordPress Visual Form Builder plugin prior to 3.0.7. The vulnerability arises because the plugin does not sanitize and escape the form field labeled 'Email to', enabling stored Cross-Site Scripting (XSS) by high-privilege users even when unfiltered_html is dis...
CVE-2022-1046 Visual Form Builder < 3.0.7 - Admin+ Stored Cross-Site Scripting
The Visual Form Builder WordPress plugin before 3.0.7 does not sanitise and escape the form's 'Email to' field , which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
WordPress plugin Visual Form Builder 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in versions of the WordPress Visual Form Builder plugin prior...
WordPress Visual Form Builder plugin跨站请求伪造漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is a WordPress open source application plugin. WordPress Visual Form Builder plugin versions prio...
WordPress Visual Form Builder plugin CSV注入漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is a WordPress open source application plugin. versions prior to WordPress Visual Form Builder...
CVE-2022-0142
The Visual Form Builder WordPress plugin before 3.0.8 is vulnerable to CSV injection allowing a user with low level or no privileges to inject a command that will be included in the exported CSV file, leading to possible code execution...