Vfbpro Visual Form Builder — known CVE vulnerabilities
Every CVE whose affected-product data names Vfbpro Visual Form Builder, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2022-0142 — CVSS 9.8 (critical): The Visual Form Builder WordPress plugin before 3.0.8 is vulnerable to CSV injection allowing a user with low level or no privileges to…
CVE-2022-0141 — CVSS 8.1 (high): The Visual Form Builder WordPress plugin before 3.0.8 does not enforce nonce checks which could allow attackers to make a logged in admin…
CVE-2022-0140 — CVSS 5.3 (medium): The Visual Form Builder WordPress plugin before 3.0.6 does not perform access control on entry form export, allowing unauthenticated users…
CVE-2021-24514 — CVSS 4.8 (medium): The Visual Form Builder WordPress plugin before 3.0.4 does not sanitise or escape its Form Name, allowing high privilege users such as…
CVE-2022-1046 — CVSS 4.8 (medium): The Visual Form Builder WordPress plugin before 3.0.7 does not sanitise and escape the form's 'Email to' field , which could allow high…