Search criteria
10 vulnerabilities found for Visual Form Builder by Unknown
CVE-2022-1046 (GCVE-0-2022-1046)
Vulnerability from cvelistv5 – Published: 2022-05-02 16:05 – Updated: 2024-08-02 23:47
VLAI?
Title
Visual Form Builder < 3.0.7 - Admin+ Stored Cross-Site Scripting
Summary
The Visual Form Builder WordPress plugin before 3.0.7 does not sanitise and escape the form's 'Email to' field , which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Visual Form Builder |
Affected:
3.0.7 , < 3.0.7
(custom)
|
Credits
Akash Rajendra Patil
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:43.426Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/a1ae4512-0b5b-4f36-8334-14633bf24758"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Visual Form Builder",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.0.7",
"status": "affected",
"version": "3.0.7",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Akash Rajendra Patil"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Visual Form Builder WordPress plugin before 3.0.7 does not sanitise and escape the form\u0027s \u0027Email to\u0027 field , which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-02T16:05:48",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/a1ae4512-0b5b-4f36-8334-14633bf24758"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Visual Form Builder \u003c 3.0.7 - Admin+ Stored Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1046",
"STATE": "PUBLIC",
"TITLE": "Visual Form Builder \u003c 3.0.7 - Admin+ Stored Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Visual Form Builder",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "3.0.7",
"version_value": "3.0.7"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Akash Rajendra Patil"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Visual Form Builder WordPress plugin before 3.0.7 does not sanitise and escape the form\u0027s \u0027Email to\u0027 field , which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/a1ae4512-0b5b-4f36-8334-14633bf24758",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/a1ae4512-0b5b-4f36-8334-14633bf24758"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1046",
"datePublished": "2022-05-02T16:05:48",
"dateReserved": "2022-03-22T00:00:00",
"dateUpdated": "2024-08-02T23:47:43.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0142 (GCVE-0-2022-0142)
Vulnerability from cvelistv5 – Published: 2022-04-12 11:15 – Updated: 2024-08-02 23:18
VLAI?
Title
Visual Form Builder < 3.0.6 - CSV Injection
Summary
The Visual Form Builder WordPress plugin before 3.0.8 is vulnerable to CSV injection allowing a user with low level or no privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.
Severity ?
No CVSS data available.
CWE
- CWE-1236 - Improper Neutralization of Formula Elements in a CSV File
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Visual Form Builder |
Affected:
3.0.8 , < 3.0.8
(custom)
|
Credits
Vishnupriya Ilango of Fortinet's FortiGuard Labs
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/03210390-2054-40c0-9508-39d168087878"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.fortiguard.com/zeroday/FG-VD-21-080"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Visual Form Builder",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.0.8",
"status": "affected",
"version": "3.0.8",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vishnupriya Ilango of Fortinet\u0027s FortiGuard Labs"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Visual Form Builder WordPress plugin before 3.0.8 is vulnerable to CSV injection allowing a user with low level or no privileges to inject a command that will be included in the exported CSV file, leading to possible code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1236",
"description": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-13T12:41:27",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/03210390-2054-40c0-9508-39d168087878"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.fortiguard.com/zeroday/FG-VD-21-080"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Visual Form Builder \u003c 3.0.6 - CSV Injection",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-0142",
"STATE": "PUBLIC",
"TITLE": "Visual Form Builder \u003c 3.0.6 - CSV Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Visual Form Builder",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "3.0.8",
"version_value": "3.0.8"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vishnupriya Ilango of Fortinet\u0027s FortiGuard Labs"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Visual Form Builder WordPress plugin before 3.0.8 is vulnerable to CSV injection allowing a user with low level or no privileges to inject a command that will be included in the exported CSV file, leading to possible code execution."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/03210390-2054-40c0-9508-39d168087878",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/03210390-2054-40c0-9508-39d168087878"
},
{
"name": "https://www.fortiguard.com/zeroday/FG-VD-21-080",
"refsource": "MISC",
"url": "https://www.fortiguard.com/zeroday/FG-VD-21-080"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-0142",
"datePublished": "2022-04-12T11:15:23",
"dateReserved": "2022-01-06T00:00:00",
"dateUpdated": "2024-08-02T23:18:41.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0141 (GCVE-0-2022-0141)
Vulnerability from cvelistv5 – Published: 2022-04-12 11:15 – Updated: 2024-08-02 23:18
VLAI?
Title
Visual Form Builder < 3.0.8 - Entries Deletion/Restoration via CSRF
Summary
The Visual Form Builder WordPress plugin before 3.0.8 does not enforce nonce checks which could allow attackers to make a logged in admin or editor delete and restore arbitrary form entries via CSRF attacks
Severity ?
No CVSS data available.
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Visual Form Builder |
Affected:
3.0.8 , < 3.0.8
(custom)
|
Credits
Vishnupriya Ilango of Fortinet's FortiGuard Labs
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.711Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/2adc8390-bb19-4adf-9805-e9c462d14d22"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.fortiguard.com/zeroday/FG-VD-21-081"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Visual Form Builder",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.0.8",
"status": "affected",
"version": "3.0.8",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vishnupriya Ilango of Fortinet\u0027s FortiGuard Labs"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Visual Form Builder WordPress plugin before 3.0.8 does not enforce nonce checks which could allow attackers to make a logged in admin or editor delete and restore arbitrary form entries via CSRF attacks"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-13T12:41:26",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/2adc8390-bb19-4adf-9805-e9c462d14d22"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.fortiguard.com/zeroday/FG-VD-21-081"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Visual Form Builder \u003c 3.0.8 - Entries Deletion/Restoration via CSRF",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-0141",
"STATE": "PUBLIC",
"TITLE": "Visual Form Builder \u003c 3.0.8 - Entries Deletion/Restoration via CSRF"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Visual Form Builder",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "3.0.8",
"version_value": "3.0.8"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vishnupriya Ilango of Fortinet\u0027s FortiGuard Labs"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Visual Form Builder WordPress plugin before 3.0.8 does not enforce nonce checks which could allow attackers to make a logged in admin or editor delete and restore arbitrary form entries via CSRF attacks"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/2adc8390-bb19-4adf-9805-e9c462d14d22",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/2adc8390-bb19-4adf-9805-e9c462d14d22"
},
{
"name": "https://www.fortiguard.com/zeroday/FG-VD-21-081",
"refsource": "MISC",
"url": "https://www.fortiguard.com/zeroday/FG-VD-21-081"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-0141",
"datePublished": "2022-04-12T11:15:22",
"dateReserved": "2022-01-06T00:00:00",
"dateUpdated": "2024-08-02T23:18:41.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0140 (GCVE-0-2022-0140)
Vulnerability from cvelistv5 – Published: 2022-04-12 11:15 – Updated: 2024-08-02 23:18
VLAI?
Title
Visual Form Builder < 3.0.6 - Unauthenticated Information Disclosure
Summary
The Visual Form Builder WordPress plugin before 3.0.6 does not perform access control on entry form export, allowing unauthenticated users to see the form entries or export it as a CSV File using the vfb-export endpoint.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Visual Form Builder |
Affected:
0 , < 3.0.6
(custom)
|
Credits
Vishnupriya Ilango of Fortinet's FortiGuard Labs
WPScan
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.793Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/9fa2b3b6-2fe3-40f0-8f71-371dd58fe336"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.fortiguard.com/zeroday/FG-VD-21-082"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"product": "Visual Form Builder",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.0.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Vishnupriya Ilango of Fortinet\u0027s FortiGuard Labs"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Visual Form Builder WordPress plugin before 3.0.6 does not perform access control on entry form export, allowing unauthenticated users to see the form entries or export it as a CSV File using the vfb-export endpoint."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-24T09:16:04.380Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/9fa2b3b6-2fe3-40f0-8f71-371dd58fe336"
},
{
"url": "https://www.fortiguard.com/zeroday/FG-VD-21-082"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Visual Form Builder \u003c 3.0.6 - Unauthenticated Information Disclosure",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-0140",
"datePublished": "2022-04-12T11:15:20",
"dateReserved": "2022-01-06T00:00:00",
"dateUpdated": "2024-08-02T23:18:41.793Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24514 (GCVE-0-2021-24514)
Vulnerability from cvelistv5 – Published: 2021-10-25 13:20 – Updated: 2024-08-03 19:35
VLAI?
Title
Visual Form Builder < 3.0.4 - Admin+ Stored Cross-Site Scripting
Summary
The Visual Form Builder WordPress plugin before 3.0.4 does not sanitise or escape its Form Name, allowing high privilege users such as admin to set Cross-Site Scripting payload in them, even when the unfiltered_html capability is disallowed
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Visual Form Builder |
Affected:
3.0.4 , < 3.0.4
(custom)
|
Credits
Felipe Restrepo Rodriguez
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:35:19.892Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/0afa78d3-2403-4e0c-8f16-5b7874b03cd2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Visual Form Builder",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.0.4",
"status": "affected",
"version": "3.0.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Felipe Restrepo Rodriguez"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Visual Form Builder WordPress plugin before 3.0.4 does not sanitise or escape its Form Name, allowing high privilege users such as admin to set Cross-Site Scripting payload in them, even when the unfiltered_html capability is disallowed"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-25T13:20:39",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/0afa78d3-2403-4e0c-8f16-5b7874b03cd2"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Visual Form Builder \u003c 3.0.4 - Admin+ Stored Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24514",
"STATE": "PUBLIC",
"TITLE": "Visual Form Builder \u003c 3.0.4 - Admin+ Stored Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Visual Form Builder",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "3.0.4",
"version_value": "3.0.4"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Felipe Restrepo Rodriguez"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Visual Form Builder WordPress plugin before 3.0.4 does not sanitise or escape its Form Name, allowing high privilege users such as admin to set Cross-Site Scripting payload in them, even when the unfiltered_html capability is disallowed"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/0afa78d3-2403-4e0c-8f16-5b7874b03cd2",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/0afa78d3-2403-4e0c-8f16-5b7874b03cd2"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24514",
"datePublished": "2021-10-25T13:20:39",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:35:19.892Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1046 (GCVE-0-2022-1046)
Vulnerability from nvd – Published: 2022-05-02 16:05 – Updated: 2024-08-02 23:47
VLAI?
Title
Visual Form Builder < 3.0.7 - Admin+ Stored Cross-Site Scripting
Summary
The Visual Form Builder WordPress plugin before 3.0.7 does not sanitise and escape the form's 'Email to' field , which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Visual Form Builder |
Affected:
3.0.7 , < 3.0.7
(custom)
|
Credits
Akash Rajendra Patil
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:43.426Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/a1ae4512-0b5b-4f36-8334-14633bf24758"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Visual Form Builder",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.0.7",
"status": "affected",
"version": "3.0.7",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Akash Rajendra Patil"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Visual Form Builder WordPress plugin before 3.0.7 does not sanitise and escape the form\u0027s \u0027Email to\u0027 field , which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-02T16:05:48",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/a1ae4512-0b5b-4f36-8334-14633bf24758"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Visual Form Builder \u003c 3.0.7 - Admin+ Stored Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1046",
"STATE": "PUBLIC",
"TITLE": "Visual Form Builder \u003c 3.0.7 - Admin+ Stored Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Visual Form Builder",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "3.0.7",
"version_value": "3.0.7"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Akash Rajendra Patil"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Visual Form Builder WordPress plugin before 3.0.7 does not sanitise and escape the form\u0027s \u0027Email to\u0027 field , which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/a1ae4512-0b5b-4f36-8334-14633bf24758",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/a1ae4512-0b5b-4f36-8334-14633bf24758"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1046",
"datePublished": "2022-05-02T16:05:48",
"dateReserved": "2022-03-22T00:00:00",
"dateUpdated": "2024-08-02T23:47:43.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0142 (GCVE-0-2022-0142)
Vulnerability from nvd – Published: 2022-04-12 11:15 – Updated: 2024-08-02 23:18
VLAI?
Title
Visual Form Builder < 3.0.6 - CSV Injection
Summary
The Visual Form Builder WordPress plugin before 3.0.8 is vulnerable to CSV injection allowing a user with low level or no privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.
Severity ?
No CVSS data available.
CWE
- CWE-1236 - Improper Neutralization of Formula Elements in a CSV File
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Visual Form Builder |
Affected:
3.0.8 , < 3.0.8
(custom)
|
Credits
Vishnupriya Ilango of Fortinet's FortiGuard Labs
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/03210390-2054-40c0-9508-39d168087878"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.fortiguard.com/zeroday/FG-VD-21-080"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Visual Form Builder",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.0.8",
"status": "affected",
"version": "3.0.8",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vishnupriya Ilango of Fortinet\u0027s FortiGuard Labs"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Visual Form Builder WordPress plugin before 3.0.8 is vulnerable to CSV injection allowing a user with low level or no privileges to inject a command that will be included in the exported CSV file, leading to possible code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1236",
"description": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-13T12:41:27",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/03210390-2054-40c0-9508-39d168087878"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.fortiguard.com/zeroday/FG-VD-21-080"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Visual Form Builder \u003c 3.0.6 - CSV Injection",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-0142",
"STATE": "PUBLIC",
"TITLE": "Visual Form Builder \u003c 3.0.6 - CSV Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Visual Form Builder",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "3.0.8",
"version_value": "3.0.8"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vishnupriya Ilango of Fortinet\u0027s FortiGuard Labs"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Visual Form Builder WordPress plugin before 3.0.8 is vulnerable to CSV injection allowing a user with low level or no privileges to inject a command that will be included in the exported CSV file, leading to possible code execution."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/03210390-2054-40c0-9508-39d168087878",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/03210390-2054-40c0-9508-39d168087878"
},
{
"name": "https://www.fortiguard.com/zeroday/FG-VD-21-080",
"refsource": "MISC",
"url": "https://www.fortiguard.com/zeroday/FG-VD-21-080"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-0142",
"datePublished": "2022-04-12T11:15:23",
"dateReserved": "2022-01-06T00:00:00",
"dateUpdated": "2024-08-02T23:18:41.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0141 (GCVE-0-2022-0141)
Vulnerability from nvd – Published: 2022-04-12 11:15 – Updated: 2024-08-02 23:18
VLAI?
Title
Visual Form Builder < 3.0.8 - Entries Deletion/Restoration via CSRF
Summary
The Visual Form Builder WordPress plugin before 3.0.8 does not enforce nonce checks which could allow attackers to make a logged in admin or editor delete and restore arbitrary form entries via CSRF attacks
Severity ?
No CVSS data available.
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Visual Form Builder |
Affected:
3.0.8 , < 3.0.8
(custom)
|
Credits
Vishnupriya Ilango of Fortinet's FortiGuard Labs
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.711Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/2adc8390-bb19-4adf-9805-e9c462d14d22"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.fortiguard.com/zeroday/FG-VD-21-081"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Visual Form Builder",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.0.8",
"status": "affected",
"version": "3.0.8",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vishnupriya Ilango of Fortinet\u0027s FortiGuard Labs"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Visual Form Builder WordPress plugin before 3.0.8 does not enforce nonce checks which could allow attackers to make a logged in admin or editor delete and restore arbitrary form entries via CSRF attacks"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-13T12:41:26",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/2adc8390-bb19-4adf-9805-e9c462d14d22"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.fortiguard.com/zeroday/FG-VD-21-081"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Visual Form Builder \u003c 3.0.8 - Entries Deletion/Restoration via CSRF",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-0141",
"STATE": "PUBLIC",
"TITLE": "Visual Form Builder \u003c 3.0.8 - Entries Deletion/Restoration via CSRF"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Visual Form Builder",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "3.0.8",
"version_value": "3.0.8"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Vishnupriya Ilango of Fortinet\u0027s FortiGuard Labs"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Visual Form Builder WordPress plugin before 3.0.8 does not enforce nonce checks which could allow attackers to make a logged in admin or editor delete and restore arbitrary form entries via CSRF attacks"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/2adc8390-bb19-4adf-9805-e9c462d14d22",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/2adc8390-bb19-4adf-9805-e9c462d14d22"
},
{
"name": "https://www.fortiguard.com/zeroday/FG-VD-21-081",
"refsource": "MISC",
"url": "https://www.fortiguard.com/zeroday/FG-VD-21-081"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-0141",
"datePublished": "2022-04-12T11:15:22",
"dateReserved": "2022-01-06T00:00:00",
"dateUpdated": "2024-08-02T23:18:41.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0140 (GCVE-0-2022-0140)
Vulnerability from nvd – Published: 2022-04-12 11:15 – Updated: 2024-08-02 23:18
VLAI?
Title
Visual Form Builder < 3.0.6 - Unauthenticated Information Disclosure
Summary
The Visual Form Builder WordPress plugin before 3.0.6 does not perform access control on entry form export, allowing unauthenticated users to see the form entries or export it as a CSV File using the vfb-export endpoint.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Visual Form Builder |
Affected:
0 , < 3.0.6
(custom)
|
Credits
Vishnupriya Ilango of Fortinet's FortiGuard Labs
WPScan
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.793Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/9fa2b3b6-2fe3-40f0-8f71-371dd58fe336"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.fortiguard.com/zeroday/FG-VD-21-082"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"product": "Visual Form Builder",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.0.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Vishnupriya Ilango of Fortinet\u0027s FortiGuard Labs"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Visual Form Builder WordPress plugin before 3.0.6 does not perform access control on entry form export, allowing unauthenticated users to see the form entries or export it as a CSV File using the vfb-export endpoint."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-24T09:16:04.380Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/9fa2b3b6-2fe3-40f0-8f71-371dd58fe336"
},
{
"url": "https://www.fortiguard.com/zeroday/FG-VD-21-082"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Visual Form Builder \u003c 3.0.6 - Unauthenticated Information Disclosure",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-0140",
"datePublished": "2022-04-12T11:15:20",
"dateReserved": "2022-01-06T00:00:00",
"dateUpdated": "2024-08-02T23:18:41.793Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24514 (GCVE-0-2021-24514)
Vulnerability from nvd – Published: 2021-10-25 13:20 – Updated: 2024-08-03 19:35
VLAI?
Title
Visual Form Builder < 3.0.4 - Admin+ Stored Cross-Site Scripting
Summary
The Visual Form Builder WordPress plugin before 3.0.4 does not sanitise or escape its Form Name, allowing high privilege users such as admin to set Cross-Site Scripting payload in them, even when the unfiltered_html capability is disallowed
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Visual Form Builder |
Affected:
3.0.4 , < 3.0.4
(custom)
|
Credits
Felipe Restrepo Rodriguez
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:35:19.892Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/0afa78d3-2403-4e0c-8f16-5b7874b03cd2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Visual Form Builder",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.0.4",
"status": "affected",
"version": "3.0.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Felipe Restrepo Rodriguez"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Visual Form Builder WordPress plugin before 3.0.4 does not sanitise or escape its Form Name, allowing high privilege users such as admin to set Cross-Site Scripting payload in them, even when the unfiltered_html capability is disallowed"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-25T13:20:39",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/0afa78d3-2403-4e0c-8f16-5b7874b03cd2"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Visual Form Builder \u003c 3.0.4 - Admin+ Stored Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24514",
"STATE": "PUBLIC",
"TITLE": "Visual Form Builder \u003c 3.0.4 - Admin+ Stored Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Visual Form Builder",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "3.0.4",
"version_value": "3.0.4"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Felipe Restrepo Rodriguez"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Visual Form Builder WordPress plugin before 3.0.4 does not sanitise or escape its Form Name, allowing high privilege users such as admin to set Cross-Site Scripting payload in them, even when the unfiltered_html capability is disallowed"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/0afa78d3-2403-4e0c-8f16-5b7874b03cd2",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/0afa78d3-2403-4e0c-8f16-5b7874b03cd2"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24514",
"datePublished": "2021-10-25T13:20:39",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:35:19.892Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}