Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 4:31 a.m.14 views

CVE-2023-5385

The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfcopyposts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...

4.3CVSS6.6AI score0.00395EPSS
Exploits0References1
NVD
NVD
added 2023/11/22 4:15 p.m.25 views

CVE-2023-5385

The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfcopyposts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...

4.3CVSS0.00395EPSS
Exploits0References2
OSV
OSV
added 2023/11/22 4:15 p.m.2 views

CVE-2023-5385

The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfcopyposts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...

4.3CVSS6.7AI score0.00395EPSS
Exploits0References2
CVE
CVE
added 2023/11/22 3:33 p.m.108 views

CVE-2023-5385

The CVE pertains to the WordPress plugin Funnelforms Free (versions up to 3.4). A missing authorization/capability check in the fnsf_copy_posts function allows authenticated users with subscriber-level permissions and above to copy arbitrary posts, effectively enabling unauthorized data modificat...

4.3CVSS4.7AI score0.00395EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/11/02 12:0 a.m.10 views

WordPress Funnelforms Free Plugin <= 3.4 is vulnerable to Broken Access Control

Software Funnelforms Free Type Plugin Vulnerable versions = 3.4 Fixed in 3.4.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-5385 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID dbef4dc9af18 Credits WordFence Required privilege...

4.3CVSS6.5AI score0.00395EPSS
Exploits0References10Affected Software1
Rows per page
Query Builder