Description
The WordPress plugin "Contact Form Builder-a plugin for creating contact and feedback forms" is prone to a cross-site request forgery (CSRF) vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. Version 1.0.68 of the plugin is vulnerable; prior versions are also affected.
Remediation
Update the plugin to version 1.0.69 or the latest version.
References
https://pvagenas.com/vulnerabilities/contact-form-builder-csrf/
https://www.exploit-db.com/exploits/46734
https://packetstormsecurity.com/files/152579/WordPress-Contact-Form-Builder-1.0.67-CSRF-LFI.html
https://plugins.svn.wordpress.org/contact-form-builder/trunk/readme.txt