Description
The WordPress plugin Contact Form Builder (a plugin for creating contact and feedback forms) is prone to a cross-site request forgery (CSRF) vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. Version 1.0.68 of the plugin is vulnerable; prior versions are also affected.
Remediation
Update the plugin to version 1.0.69 or the latest version.
References
https://pvagenas.com/vulnerabilities/contact-form-builder-csrf/
https://www.exploit-db.com/exploits/46734
https://packetstormsecurity.com/files/152579/WordPress-Contact-Form-Builder-1.0.67-CSRF-LFI.html
https://plugins.svn.wordpress.org/contact-form-builder/trunk/readme.txt