CVE-2022-0141: 
WordPress vulnerability analysis and mitigation

CVE-2022-0141 affects the Visual Form Builder WordPress plugin versions before 3.0.8. The vulnerability was discovered by Vishnupriya Ilango of Fortinet's FortiGuard Labs and was publicly disclosed on April 11, 2022. This security issue involves a Cross-Site Request Forgery (CSRF) vulnerability that affects the form entries management functionality (WPScan).

The vulnerability stems from the plugin's failure to implement proper nonce checks in its form entry management system. This security oversight allows for CSRF attacks that can be exploited when an administrator or editor is logged in. The vulnerability has been assigned a CVSS score of 6.1 (medium) and is classified under CWE-352. The issue falls under the OWASP Top 10 category A2: Broken Authentication and Session Management (WPScan).

The vulnerability allows attackers to manipulate form entries through unauthorized actions. Specifically, attackers can force logged-in administrators or editors to delete and restore arbitrary form entries without their knowledge or consent (CVE Mitre).

The vulnerability has been fixed in Visual Form Builder version 3.0.8. Users are advised to update their plugin to this version or later to mitigate the risk. No alternative workarounds have been publicly documented (WPScan).