2 matches found
CVE-2022-0142 Visual Form Builder < 3.0.6 - CSV Injection
The Visual Form Builder WordPress plugin before 3.0.8 is vulnerable to CSV injection allowing a user with low level or no privileges to inject a command that will be included in the exported CSV file, leading to possible code execution...
CVE-2022-0142
The CVE-2022-0142 entry concerns the WordPress Visual Form Builder plugin, affected version(s) before 3.0.8. The vulnerability is a CSV injection flaw that allows a user with low or no privileges to inject a command into exported CSV data, with the potential for code execution. Concretely, the is...