Description
WordPress Plugin Contact Form Builder (a plugin for creating contact and feedback forms) is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. Contact Form Builder version 1.0.68 is vulnerable; prior versions are also affected.
Remediation
Update the plugin to version 1.0.69 or the latest version.
References
https://pvagenas.com/vulnerabilities/contact-form-builder-csrf/
https://www.exploit-db.com/exploits/46734
https://packetstormsecurity.com/files/152579/WordPress-Contact-Form-Builder-1.0.67-CSRF-LFI.html
https://plugins.svn.wordpress.org/contact-form-builder/trunk/readme.txt
Related Vulnerabilities
Joomla Improper Input Validation Vulnerability (CVE-2015-8564)
Apache HTTP Server CVE-2007-3304 Vulnerability (CVE-2007-3304)
Oracle Application Server Other Vulnerability (CVE-2002-0386)
Python Integer Overflow or Wraparound Vulnerability (CVE-2016-9063)
WordPress Plugin Real-Time Find and Replace Cross-Site Request Forgery (3.9)