5230 matches found

Prion
added 2023/11/22 4:15 p.m. · 18 views

Design/Logic Flaw

The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfupdatecategory function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above,...

CVSS 4 · AI score 6.6 · EPSS 0.00395
Exploits 0 · References 2 · Affected Software 1
Prion
added 2023/11/22 4:15 p.m. · 13 views

Design/Logic Flaw

The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfaddcategory function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...

CVSS 4 · AI score 6.7 · EPSS 0.00403
Exploits 0 · References 2 · Affected Software 1
Prion
added 2023/11/22 4:15 p.m. · 20 views

Design/Logic Flaw

The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_copy_posts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...

CVSS 4 · AI score 6.8 · EPSS 0.00395
Exploits 0 · References 2 · Affected Software 1
Prion
added 2023/11/22 4:15 p.m. · 12 views

Design/Logic Flaw

The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfaf2testmail function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...

CVSS 4 · AI score 6.8 · EPSS 0.00395
Exploits 0 · References 2 · Affected Software 1
CVE
added 2023/11/22 3:33 p.m. · 102 views

CVE-2023-5385

The CVE pertains to the WordPress plugin Funnelforms Free (versions up to 3.4). A missing authorization/capability check in the fnsf_copy_posts function allows authenticated users with subscriber-level permissions and above to copy arbitrary posts, effectively enabling unauthorized data modificat...

CVSS 4.3 · AI score 4.7 · EPSS 0.00395
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2023/11/22 3:33 p.m. · 32 views

CVE-2023-5385 Funnelforms Free <= 3.4 - Missing Authorization to Arbitrary Post Duplication

The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_copy_posts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...

CVSS 4.3 · AI score 4.8 · EPSS 0.00395
Exploits 0 · References 2
Cvelist
added 2023/11/22 3:33 p.m. · 14 views

CVE-2023-5387 Funnelforms Free <= 3.4 - Missing Authorization to Enable/Disable Dark Mode

The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfaf2triggerdarkmode function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and...

CVSS 4.3 · AI score 4.6 · EPSS 0.00403
Exploits 0 · References 2
Vulnrichment
added 2023/11/22 3:33 p.m. · 11 views

CVE-2023-5416 Funnelforms Free <= 3.4 - Missing Authorization to Category Deletion

The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfdeletecategory function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above,...

CVSS 4.3 · AI score 6.6 · EPSS 0.00403
Exploits 0 · References 2
Cvelist
added 2023/11/22 3:33 p.m. · 19 views

CVE-2023-5416 Funnelforms Free <= 3.4 - Missing Authorization to Category Deletion

The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfdeletecategory function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above,...

CVSS 4.3 · AI score 4.6 · EPSS 0.00403
Exploits 0 · References 2
Cvelist
added 2023/11/22 3:33 p.m. · 34 views

CVE-2023-5314 WP EXtra <= 6.2 - Missing Authorization to Arbitrary Email Sending

The WP EXtra plugin for WordPress is vulnerable to unauthorized access to restricted functionality due to a missing capability check on the 'test-email' section of the register function in versions up to, and including, 6.2. This makes it possible for authenticated attackers, with minimal...

CVSS 4.3 · AI score 4.8 · EPSS 0.00395
Exploits 0 · References 2
CVE
added 2023/11/22 3:33 p.m. · 82 views

CVE-2023-5314

WP EXtra plugin for WordPress (any version ≤ 6.2) is affected by a missing capability check in the test-email portion of the register() function, allowing authenticated users with minimal privileges (e.g., subscriber) to send emails with arbitrary content via the site’s mail server. CVSS v3.1 bas...

CVSS 4.3 · AI score 4.7 · EPSS 0.00395
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2023/11/22 3:33 p.m. · 49 views

CVE-2023-2448 UserPro <= 5.1.4 - Missing Authorization to Arbitrary Shortcode Execution via userpro_shortcode_template

The UserPro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'userpro_shortcode_template' function in versions up to, and including, 5.1.4. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. An attacker ca...

CVSS 6.5 · AI score 7.2 · EPSS 0.00903
Exploits 2 · References 2
Cvelist
added 2023/11/22 3:33 p.m. · 17 views

CVE-2023-5415 Funnelforms Free <= 3.4 - Missing Authorization to New Category Creation

The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfaddcategory function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...

CVSS 4.3 · AI score 4.6 · EPSS 0.00403
Exploits 0 · References 2
Cvelist
added 2023/11/22 3:33 p.m. · 29 views

CVE-2023-6007 UserPro <= 5.1.1 - Missing Authorization via multiple functions

The UserPro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.1.1. This makes it possible for unauthenticated attackers to add, modify, or delete use...

CVSS 7.3 · AI score 7.2 · EPSS 0.00349
Exploits 0 · References 2
Cvelist
added 2023/11/22 3:33 p.m. · 18 views

CVE-2023-5419 Funnelforms Free <= 3.4 - Missing Authorization to Test Email Sending

The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfaf2testmail function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...

CVSS 4.3 · AI score 4.8 · EPSS 0.00395
Exploits 0 · References 2
Cvelist
added 2023/11/22 3:33 p.m. · 26 views

CVE-2023-5386 Funnelforms Free <= 3.4 - Missing Authorization to Arbitrary Post Deletion

The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfdeleteposts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...

CVSS 6.5 · AI score 6.4 · EPSS 0.00408
Exploits 2 · References 2
Cvelist
added 2023/11/22 3:33 p.m. · 21 views

CVE-2023-5417 Funnelforms Free <= 3.4 - Missing Authorization to Category Update

The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfupdatecategory function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above,...

CVSS 4.3 · AI score 4.6 · EPSS 0.00395
Exploits 0 · References 2
Positive Technologies
added 2023/11/22 12:0 a.m. · 3 views

PT-2023-32091 · WordPress · Funnelforms

Name of the Vulnerable Software and Affected Versions: Funnelforms Free plugin for WordPress versions up to, and including, 3.4 Description: The issue allows authenticated attackers with subscriber-level permissions and above to modify the Funnelforms category for a given post ID due to a missing...

CVSS 4.3 · AI score 5.3 · EPSS 0.00395
Exploits 0 · References 4
Positive Technologies
added 2023/11/22 12:0 a.m. · 3 views

PT-2023-32090 · WordPress · Funnelforms Free

Name of the Vulnerable Software and Affected Versions: Funnelforms Free plugin for WordPress versions up to, and including, 3.4 Description: The issue allows authenticated attackers with subscriber-level permissions and above to modify data without authorization. This is due to a missing capabili...

CVSS 4.3 · AI score 5.2 · EPSS 0.00403
Exploits 0 · References 4
Positive Technologies
added 2023/11/22 12:0 a.m. · 3 views

PT-2023-32085 · WordPress · Funnelforms Free

Name of the Vulnerable Software and Affected Versions: Funnelforms Free plugin for WordPress versions up to, and including, 3.4 Description: The issue allows authenticated attackers with subscriber-level permissions and above to modify data without authorization due to a missing capability check ...

CVSS 4.3 · AI score 5.3 · EPSS 0.00403
Exploits 0 · References 4