daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixing vulnerability name

main
Krzysztof Zając 2024-07-19 08:33:35 +02:00
parent 84a2749594
commit 68f003f136
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
http/cves/2022/CVE-2022-0140.yaml
View File

@ -1,11 +1,11 @@
id: CVE-2022-0140
info:
name: WordPress Visual Form Builder <3.0.8 - Cross-Site Scripting
name: WordPress Visual Form Builder <3.0.8 - Information Disclosure
author: random-robbie
severity: medium
description: |
WordPress Visual Form Builder plugin before 3.0.8 contains a cross-site scripting vulnerability. The plugin does not perform access control on entry form export, allowing an unauthenticated user to export the form entries as CSV files using the vfb-export endpoint.
WordPress Visual Form Builder plugin before 3.0.8 contains a information disclosure vulnerability. The plugin does not perform access control on entry form export, allowing an unauthenticated user to export the form entries as CSV files using the vfb-export endpoint.
impact: |
Successful exploitation of this vulnerability could lead to the execution of arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
remediation: |
@ -29,7 +29,7 @@ info:
vendor: vfbpro
product: visual_form_builder
framework: wordpress
tags: cve,cve2022,wpscan,xss,wordpress,vfbpro
tags: cve,cve2022,wpscan,disclosure,wordpress,vfbpro
http:
- raw: