Vfbpro Visual_form_builder
5 CVEs affecting Vfbpro Visual_form_builder. Latest disclosed: 2022-05-02. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-0142 | Critical | 9.8 | 2022-04-12 | The Visual Form Builder WordPress plugin before 3.0.8 is vulnerable to CSV injection allowing a user with low level or no privileges to inject a command that w… |
CVE-2022-0141 | High | 8.1 | 2022-04-12 | The Visual Form Builder WordPress plugin before 3.0.8 does not enforce nonce checks which could allow attackers to make a logged in admin or editor delete and… |
CVE-2022-0140 | Medium | 5.3 | 2022-04-12 | The Visual Form Builder WordPress plugin before 3.0.6 does not perform access control on entry form export, allowing unauthenticated users to see the form entr… |
CVE-2022-1046 | Medium | 4.8 | 2022-05-02 | The Visual Form Builder WordPress plugin before 3.0.7 does not sanitise and escape the form's 'Email to' field , which could allow high privilege users to perf… |
CVE-2021-24514 | Medium | 4.8 | 2021-10-25 | The Visual Form Builder WordPress plugin before 3.0.4 does not sanitise or escape its Form Name, allowing high privilege users such as admin to set Cross-Site… |