156 matches found

NVD
added 2023/11/22 4:15 p.m., 13 views

CVE-2023-5383

The Funnelforms Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4. This is due to missing or incorrect nonce validation on the fnsf_copy_posts function. This makes it possible for unauthenticated attackers to create copies of arbitrary posts...

CVSS: 4.3, EPSS: 0.00234
Exploits: 0, References: 2
NVD
added 2023/11/22 4:15 p.m., 13 views

CVE-2023-5387

The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_af2_trigger_dark_mode function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and...

CVSS: 4.3, EPSS: 0.00403
Exploits: 0, References: 2
NVD
added 2023/11/22 4:15 p.m., 10 views

CVE-2023-5382

The Funnelforms Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4. This is due to missing or incorrect nonce validation on the fnsfdeleteposts function. This makes it possible for unauthenticated attackers to delete arbitrary posts via a...

CVSS: 6.5, EPSS: 0.00306
Exploits: 0, References: 2
Prion
added 2023/11/22 4:15 p.m., 11 views

Cross site request forgery (csrf)

The Funnelforms Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4. This is due to missing or incorrect nonce validation on the fnsfdeleteposts function. This makes it possible for unauthenticated attackers to delete arbitrary posts via a...

CVSS: 4.3, AI score: 6.8, EPSS: 0.00306
Exploits: 0, References: 2, Affected Software: 1
Prion
added 2023/11/22 4:15 p.m., 7 views

Cross site request forgery (csrf)

The Funnelforms Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4. This is due to missing or incorrect nonce validation on the fnsf_copy_posts function. This makes it possible for unauthenticated attackers to create copies of arbitrary posts...

CVSS: 4.3, AI score: 6.8, EPSS: 0.00234
Exploits: 0, References: 2, Affected Software: 1
Prion
added 2023/11/22 4:15 p.m., 13 views

Design/Logic Flaw

The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfdeleteposts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...

CVSS: 4, AI score: 6.8, EPSS: 0.00408
Exploits: 0, References: 2, Affected Software: 1
Prion
added 2023/11/22 4:15 p.m., 18 views

Design/Logic Flaw

The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_delete_category function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above,...

CVSS: 4, AI score: 6.7, EPSS: 0.00403
Exploits: 0, References: 2, Affected Software: 1
Prion
added 2023/11/22 4:15 p.m., 19 views

Design/Logic Flaw

The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_copy_posts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...

CVSS: 4, AI score: 6.8, EPSS: 0.00395
Exploits: 0, References: 2, Affected Software: 1
Prion
added 2023/11/22 4:15 p.m., 12 views

Design/Logic Flaw

The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfaf2testmail function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...

CVSS: 4, AI score: 6.8, EPSS: 0.00395
Exploits: 0, References: 2, Affected Software: 1
Prion
added 2023/11/22 4:15 p.m., 12 views

Design/Logic Flaw

The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfaddcategory function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...

CVSS: 4, AI score: 6.7, EPSS: 0.00403
Exploits: 0, References: 2, Affected Software: 1
CVE
added 2023/11/22 3:33 p.m., 102 views

CVE-2023-5385

The CVE pertains to the WordPress plugin Funnelforms Free (versions up to 3.4). A missing authorization/capability check in the fnsf_copy_posts function allows authenticated users with subscriber-level permissions and above to copy arbitrary posts, effectively enabling unauthorized data modificat...

CVSS: 4.3, AI score: 4.7, EPSS: 0.00395
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2023/11/22 3:33 p.m., 29 views

CVE-2023-5385 Funnelforms Free <= 3.4 - Missing Authorization to Arbitrary Post Duplication

The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_copy_posts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...

CVSS: 4.3, AI score: 4.8, EPSS: 0.00395
Exploits: 0, References: 2
Vulnrichment
added 2023/11/22 3:33 p.m., 1 view

CVE-2023-5383 Funnelforms Free <= 3.4 - Cross-Site Request Forgery to Arbitrary Post Duplication

The Funnelforms Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4. This is due to missing or incorrect nonce validation on the fnsf_copy_posts function. This makes it possible for unauthenticated attackers to create copies of arbitrary posts...

CVSS: 4.3, AI score: 6.6, EPSS: 0.00234
Exploits: 0, References: 2
CVE
added 2023/11/22 3:33 p.m., 93 views

CVE-2023-5383

The CVE-2023-5383 entry concerns the WordPress Funnelforms Free plugin (

CVSS: 4.3, AI score: 6.6, EPSS: 0.00234
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2023/11/22 3:33 p.m., 16 views

CVE-2023-5383 Funnelforms Free <= 3.4 - Cross-Site Request Forgery to Arbitrary Post Duplication

The Funnelforms Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4. This is due to missing or incorrect nonce validation on the fnsf_copy_posts function. This makes it possible for unauthenticated attackers to create copies of arbitrary posts...

CVSS: 4.3, AI score: 4.7, EPSS: 0.00234
Exploits: 0, References: 2
CVE
added 2023/11/22 3:33 p.m., 75 views

CVE-2023-5387

CVE-2023-5387 affects the WordPress plugin Funnelforms Free (up to version 3.4). The root cause is a missing capability check in the function fnsf_af2_trigger_dark_mode, allowing authenticated users with subscriber-level permissions and above to remotely enable or disable the plugin’s dark mode ...

CVSS: 4.3, AI score: 4.6, EPSS: 0.00403
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2023/11/22 3:33 p.m., 13 views

CVE-2023-5387 Funnelforms Free <= 3.4 - Missing Authorization to Enable/Disable Dark Mode

The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_af2_trigger_dark_mode function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and...

CVSS: 4.3, AI score: 4.6, EPSS: 0.00403
Exploits: 0, References: 2
CVE
added 2023/11/22 3:33 p.m., 94 views

CVE-2023-5416

CVE-2023-5416 affects Funnelforms Free for WordPress. The vulnerability is a missing capability check in fnsf_delete_category, allowing authenticated users with subscriber-level permissions and above to delete categories. Affected versions are up to and including 3.4. Connected sources indicate p...

CVSS: 4.3, AI score: 4.6, EPSS: 0.00403
Exploits: 0, References: 2, Affected Software: 1
CVE
added 2023/11/22 3:33 p.m., 96 views

CVE-2023-5411

CVE-2023-5411 affects Funnelforms Free for WordPress (versions up to 3.4). Root cause: missing capability check in fnsf_af2_save_post, enabling authenticated users with subscriber-level permissions or higher to modify certain post values. Impact is constrained by fixed values passed to wp_update_...

CVSS: 4.3, AI score: 4.6, EPSS: 0.00395
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2023/11/22 3:33 p.m., 16 views

CVE-2023-5411 Funnelforms Free <= 3.4 - Missing Authorization to Post Modification

The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_af2_save_post function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...

CVSS: 4.3, AI score: 4.6, EPSS: 0.00395
Exploits: 0, References: 2