Fortinet Discovers WordPress Visual Form Builder Plugin CSRF Vulnerability
Fortinet's FortiGuard Labs has discovered a CSRF (Cross-Site Request Forgery) vulnerability in WordPress Visual Form Builder Plugin.
Visual Form Builder is a plugin that allows you to build and manage all kinds of forms for your website in a single place. It has over 50,000+ active installations.
The Visual Form Builder plugin does not enforce nonce checks which could allow attackers to make a logged-in admin or editor delete form entries via a CSRF attack.
SolutionsFortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:
Released Jun 06, 2022
Upgrade to version 3.0.8 or higher.
Fortinet reported the vulnerability to VFBpro team on Oct 29, 2021
VFBpro Team confirmed the vulnerability on Nov 3, 2021
VFBpro Team patched the vulnerability on April 11, 2022