CVE-2022-0140

The Visual Form Builder WordPress plugin before 3.0.6 does not perform access control on entry form export, allowing unauthenticated users to see the form entries or export it as a CSV File using the vfb-export endpoint. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt