5 matches found
CVE-2023-5385
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfcopyposts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...
CVE-2023-5385
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfcopyposts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...
CVE-2023-5385
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfcopyposts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...
CVE-2023-5385
The CVE pertains to the WordPress plugin Funnelforms Free (versions up to 3.4). A missing authorization/capability check in the fnsf_copy_posts function allows authenticated users with subscriber-level permissions and above to copy arbitrary posts, effectively enabling unauthorized data modificat...
WordPress Funnelforms Free Plugin <= 3.4 is vulnerable to Broken Access Control
Software Funnelforms Free Type Plugin Vulnerable versions = 3.4 Fixed in 3.4.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-5385 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID dbef4dc9af18 Credits WordFence Required privilege...