2 matches found
CVE-2023-5387
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfaf2triggerdarkmode function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and...
CVE-2023-5387
CVE-2023-5387 affects the WordPress plugin Funnelforms Free (up to version 3.4). The root cause is a missing capability check in the function fnsf_af2_trigger_dark_mode , allowing authenticated users with subscriber-level permissions and above to remotely enable or disable the plugin’s dark mode ...