3 matches found
CVE-2022-0141
The Visual Form Builder WordPress plugin before 3.0.8 does not enforce nonce checks which could allow attackers to make a logged in admin or editor delete and restore arbitrary form entries via CSRF attacks...
CVE-2022-0141 Visual Form Builder < 3.0.8 - Entries Deletion/Restoration via CSRF
The Visual Form Builder WordPress plugin before 3.0.8 does not enforce nonce checks which could allow attackers to make a logged in admin or editor delete and restore arbitrary form entries via CSRF attacks...
CVE-2022-0141
The CVE details a CSRF vulnerability in the WordPress Visual Form Builder plugin, affecting versions prior to 3.0.8. The root cause is that nonce checks are not enforced, allowing an attacker who can lure a logged-in admin/editor to perform actions that delete and restore arbitrary form entries. ...