{"containers":{"cna":{"providerMetadata":{"orgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","shortName":"WPScan","dateUpdated":"2023-07-24T09:16:04.380Z"},"title":"Visual Form Builder < 3.0.6 - Unauthenticated Information Disclosure","problemTypes":[{"descriptions":[{"description":"CWE-306 Missing Authentication for Critical Function","lang":"en","type":"CWE"}]}],"affected":[{"vendor":"Unknown","product":"Visual Form Builder","versions":[{"status":"affected","versionType":"custom","version":"0","lessThan":"3.0.6"}],"defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins"}],"descriptions":[{"lang":"en","value":"The Visual Form Builder WordPress plugin before 3.0.6 does not perform access control on entry form export, allowing unauthenticated users to see the form entries or export it as a CSV File using the vfb-export endpoint."}],"references":[{"url":"https://wpscan.com/vulnerability/9fa2b3b6-2fe3-40f0-8f71-371dd58fe336","tags":["exploit","vdb-entry","technical-description"]},{"url":"https://www.fortiguard.com/zeroday/FG-VD-21-082"}],"credits":[{"lang":"en","value":"Vishnupriya Ilango of Fortinet's FortiGuard Labs","type":"finder"},{"lang":"en","value":"WPScan","type":"coordinator"}],"source":{"discovery":"EXTERNAL"},"x_generator":{"engine":"WPScan CVE Generator"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T23:18:41.793Z"},"title":"CVE Program Container","references":[{"url":"https://wpscan.com/vulnerability/9fa2b3b6-2fe3-40f0-8f71-371dd58fe336","tags":["exploit","vdb-entry","technical-description","x_transferred"]},{"url":"https://www.fortiguard.com/zeroday/FG-VD-21-082","tags":["x_transferred"]}]}]},"cveMetadata":{"assignerOrgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","assignerShortName":"WPScan","cveId":"CVE-2022-0140","datePublished":"2022-04-12T11:15:20.000Z","dateReserved":"2022-01-06T00:00:00.000Z","dateUpdated":"2024-08-02T23:18:41.793Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}