Description
WordPress Plugin Contact Form Builder-a plugin for creating contact and feedback forms is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. WordPress Plugin Contact Form Builder-a plugin for creating contact and feedback forms version 1.0.68 is vulnerable; prior versions are also affected.
Remediation
Update to plugin version 1.0.69 or latest
References
https://pvagenas.com/vulnerabilities/contact-form-builder-csrf/
https://www.exploit-db.com/exploits/46734
https://packetstormsecurity.com/files/152579/WordPress-Contact-Form-Builder-1.0.67-CSRF-LFI.html
https://plugins.svn.wordpress.org/contact-form-builder/trunk/readme.txt