119 matches found
CVE-2023-5385
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfcopyposts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...
Design/Logic Flaw
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfdeletecategory function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above,...
Cross site request forgery (csrf)
The Funnelforms Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4. This is due to missing or incorrect nonce validation on the fnsfcopyposts function. This makes it possible for unauthenticated attackers to create copies of arbitrary posts...
Design/Logic Flaw
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfaddcategory function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...
Design/Logic Flaw
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfcopyposts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...
Design/Logic Flaw
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfaf2testmail function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...
Cross site request forgery (csrf)
The Funnelforms Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4. This is due to missing or incorrect nonce validation on the fnsfdeleteposts function. This makes it possible for unauthenticated attackers to delete arbitrary posts via a...
Design/Logic Flaw
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfdeleteposts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...
CVE-2023-5383 Funnelforms Free <= 3.4 - Cross-Site Request Forgery to Arbitrary Post Duplication
The Funnelforms Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4. This is due to missing or incorrect nonce validation on the fnsfcopyposts function. This makes it possible for unauthenticated attackers to create copies of arbitrary posts...
CVE-2023-5383 Funnelforms Free <= 3.4 - Cross-Site Request Forgery to Arbitrary Post Duplication
The Funnelforms Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4. This is due to missing or incorrect nonce validation on the fnsfcopyposts function. This makes it possible for unauthenticated attackers to create copies of arbitrary posts...
CVE-2023-5383
The CVE-2023-5383 entry concerns the WordPress Funnelforms Free plugin (
CVE-2023-5387 Funnelforms Free <= 3.4 - Missing Authorization to Enable/Disable Dark Mode
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfaf2triggerdarkmode function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and...
CVE-2023-5416
CVE-2023-5416 affects Funnelforms Free for WordPress. The vulnerability is a missing capability check in fnsf_delete_category, allowing authenticated users with subscriber-level permissions and above to delete categories. Affected versions are up to and including 3.4. Connected sources indicate p...
CVE-2023-5411 Funnelforms Free <= 3.4 - Missing Authorization to Post Modification
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfaf2savepost function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...
CVE-2023-5411
CVE-2023-5411 affects Funnelforms Free for WordPress (versions up to 3.4). Root cause: missing capability check in fnsf_af2_save_post, enabling authenticated users with subscriber-level permissions or higher to modify certain post values. Impact is constrained by fixed values passed to wp_update_...
CVE-2023-5382
CVE-2023-5382 affects the Funnelforms Free WordPress plugin. The issue is Cross-Site Request Forgery due to missing or improper nonce validation in the fnsf_delete_posts function, allowing unauthenticated attackers to trigger post deletions by deceiving an admin (for example via a forged link). A...
CVE-2023-5419
CVE-2023-5419 affects the WordPress plugin Funnelforms Free up to version 3.4 . A missing capability check in the function fnsf_af2_test_mail allows authenticated attackers with subscriber-level permissions and above to send test emails to arbitrary addresses, enabling unauthorized data modificat...
CVE-2023-5386 Funnelforms Free <= 3.4 - Missing Authorization to Arbitrary Post Deletion
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfdeleteposts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...
CVE-2023-5386 Funnelforms Free <= 3.4 - Missing Authorization to Arbitrary Post Deletion
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfdeleteposts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...
CVE-2023-5386
CVE-2023-5386 affects the Funnelforms Free WordPress plugin (versions up to and including 3.4). Root cause: missing capability check in fnsf_delete_posts, enabling authenticated users with subscriber-level permissions and above to modify data and delete arbitrary posts, including administrator po...