CVE-2022-0140

medium

Description

The Visual Form Builder WordPress plugin before 3.0.6 does not perform access control on entry form export, allowing unauthenticated users to see the form entries or export it as a CSV File using the vfb-export endpoint.

References

Advisories
Exploits

https://www.fortiguard.com/zeroday/FG-VD-21-082

https://wpscan.com/vulnerability/9fa2b3b6-2fe3-40f0-8f71-371dd58fe336

Details

Source: Mitre, NVD

Published: 2022-04-12

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N