Lucene search
K

119 matches found

OSV
OSV
added 2023/11/22 4:15 p.m.2 views

CVE-2023-5385

The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfcopyposts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...

4.3CVSS6.7AI score0.00395EPSS
Exploits0References2
Prion
Prion
added 2023/11/22 4:15 p.m.23 views

Design/Logic Flaw

The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfdeletecategory function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above,...

4CVSS6.7AI score0.00403EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/11/22 4:15 p.m.9 views

Cross site request forgery (csrf)

The Funnelforms Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4. This is due to missing or incorrect nonce validation on the fnsfcopyposts function. This makes it possible for unauthenticated attackers to create copies of arbitrary posts...

4.3CVSS6.8AI score0.00234EPSS
Exploits2References2Affected Software1
Prion
Prion
added 2023/11/22 4:15 p.m.15 views

Design/Logic Flaw

The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfaddcategory function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...

4CVSS6.7AI score0.00403EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/11/22 4:15 p.m.21 views

Design/Logic Flaw

The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfcopyposts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...

4CVSS6.8AI score0.00395EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/11/22 4:15 p.m.13 views

Design/Logic Flaw

The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfaf2testmail function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...

4CVSS6.8AI score0.00395EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/11/22 4:15 p.m.14 views

Cross site request forgery (csrf)

The Funnelforms Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4. This is due to missing or incorrect nonce validation on the fnsfdeleteposts function. This makes it possible for unauthenticated attackers to delete arbitrary posts via a...

4.3CVSS6.8AI score0.00306EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/11/22 4:15 p.m.15 views

Design/Logic Flaw

The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfdeleteposts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...

4CVSS6.8AI score0.00408EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2023/11/22 3:33 p.m.20 views

CVE-2023-5383 Funnelforms Free <= 3.4 - Cross-Site Request Forgery to Arbitrary Post Duplication

The Funnelforms Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4. This is due to missing or incorrect nonce validation on the fnsfcopyposts function. This makes it possible for unauthenticated attackers to create copies of arbitrary posts...

4.3CVSS4.7AI score0.00234EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2023/11/22 3:33 p.m.3 views

CVE-2023-5383 Funnelforms Free <= 3.4 - Cross-Site Request Forgery to Arbitrary Post Duplication

The Funnelforms Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4. This is due to missing or incorrect nonce validation on the fnsfcopyposts function. This makes it possible for unauthenticated attackers to create copies of arbitrary posts...

4.3CVSS6.6AI score0.00234EPSS
Exploits2References2
CVE
CVE
added 2023/11/22 3:33 p.m.98 views

CVE-2023-5383

The CVE-2023-5383 entry concerns the WordPress Funnelforms Free plugin (

4.3CVSS6.6AI score0.0027EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2023/11/22 3:33 p.m.14 views

CVE-2023-5387 Funnelforms Free <= 3.4 - Missing Authorization to Enable/Disable Dark Mode

The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfaf2triggerdarkmode function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and...

4.3CVSS4.6AI score0.00403EPSS
Exploits0References2
CVE
CVE
added 2023/11/22 3:33 p.m.102 views

CVE-2023-5416

CVE-2023-5416 affects Funnelforms Free for WordPress. The vulnerability is a missing capability check in fnsf_delete_category, allowing authenticated users with subscriber-level permissions and above to delete categories. Affected versions are up to and including 3.4. Connected sources indicate p...

4.3CVSS4.6AI score0.00403EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/11/22 3:33 p.m.28 views

CVE-2023-5411 Funnelforms Free <= 3.4 - Missing Authorization to Post Modification

The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfaf2savepost function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...

4.3CVSS4.6AI score0.00395EPSS
Exploits0References2
CVE
CVE
added 2023/11/22 3:33 p.m.99 views

CVE-2023-5411

CVE-2023-5411 affects Funnelforms Free for WordPress (versions up to 3.4). Root cause: missing capability check in fnsf_af2_save_post, enabling authenticated users with subscriber-level permissions or higher to modify certain post values. Impact is constrained by fixed values passed to wp_update_...

4.3CVSS4.6AI score0.00395EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/11/22 3:33 p.m.88 views

CVE-2023-5382

CVE-2023-5382 affects the Funnelforms Free WordPress plugin. The issue is Cross-Site Request Forgery due to missing or improper nonce validation in the fnsf_delete_posts function, allowing unauthenticated attackers to trigger post deletions by deceiving an admin (for example via a forged link). A...

6.5CVSS4.7AI score0.00306EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/11/22 3:33 p.m.89 views

CVE-2023-5419

CVE-2023-5419 affects the WordPress plugin Funnelforms Free up to version 3.4 . A missing capability check in the function fnsf_af2_test_mail allows authenticated attackers with subscriber-level permissions and above to send test emails to arbitrary addresses, enabling unauthorized data modificat...

4.3CVSS4.7AI score0.00395EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/11/22 3:33 p.m.26 views

CVE-2023-5386 Funnelforms Free <= 3.4 - Missing Authorization to Arbitrary Post Deletion

The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfdeleteposts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...

6.5CVSS6.4AI score0.00408EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2023/11/22 3:33 p.m.10 views

CVE-2023-5386 Funnelforms Free <= 3.4 - Missing Authorization to Arbitrary Post Deletion

The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfdeleteposts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...

6.5CVSS6.7AI score0.00408EPSS
Exploits2References2
CVE
CVE
added 2023/11/22 3:33 p.m.102 views

CVE-2023-5386

CVE-2023-5386 affects the Funnelforms Free WordPress plugin (versions up to and including 3.4). Root cause: missing capability check in fnsf_delete_posts, enabling authenticated users with subscriber-level permissions and above to modify data and delete arbitrary posts, including administrator po...

6.5CVSS6.7AI score0.00408EPSS
Exploits2References2Affected Software1
Rows per page
Query Builder