156 matches found
CVE-2023-5382
CVE-2023-5382 affects the Funnelforms Free WordPress plugin. The issue is Cross-Site Request Forgery due to missing or improper nonce validation in the fnsf_delete_posts function, allowing unauthenticated attackers to trigger post deletions by deceiving an admin (for example via a forged link). A...
CVE-2023-5382 Funnelforms Free <= 3.4 - Cross-Site Request Forgery to Arbitrary Post Deletion
The Funnelforms Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4. This is due to missing or incorrect nonce validation on the fnsfdeleteposts function. This makes it possible for unauthenticated attackers to delete arbitrary posts via a...
CVE-2023-5415
CVE-2023-5415 concerns the WordPress plugin Funnelforms Free. The vulnerability arises from a missing capability check in the fnsf_add_category function, allowing authenticated users with subscriber-level permissions and above to add new categories. Affected: Funnelforms Free (WordPress plugin) u...
CVE-2023-5419
CVE-2023-5419 affects the WordPress plugin Funnelforms Free up to version 3.4 . A missing capability check in the function fnsf_af2_test_mail allows authenticated attackers with subscriber-level permissions and above to send test emails to arbitrary addresses, enabling unauthorized data modificat...
CVE-2023-5419 Funnelforms Free <= 3.4 - Missing Authorization to Test Email Sending
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfaf2testmail function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...
CVE-2023-5386
CVE-2023-5386 affects the Funnelforms Free WordPress plugin (versions up to and including 3.4). Root cause: missing capability check in fnsf_delete_posts, enabling authenticated users with subscriber-level permissions and above to modify data and delete arbitrary posts, including administrator po...
CVE-2023-5386 Funnelforms Free <= 3.4 - Missing Authorization to Arbitrary Post Deletion
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfdeleteposts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...
CVE-2023-5386 Funnelforms Free <= 3.4 - Missing Authorization to Arbitrary Post Deletion
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfdeleteposts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...
CVE-2023-5417
The CVE-2023-5417 entry concerns Funnelforms Free for WordPress. A missing capability check in the fnsf_update_category function affects versions up to and including 3.4, allowing authenticated attackers with subscriber-level permissions and above to modify the Funnelforms category for a given po...
CVE-2023-5417 Funnelforms Free <= 3.4 - Missing Authorization to Category Update
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfupdatecategory function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above,...
WordPress Plugin Funnelforms Free Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
WordPress Plugin Funnelforms Free Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
WordPress Plugin Funnelforms Free Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress Plugin Funnelforms Free Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress Plugin Funnelforms Free Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress Plugin Funnelforms Free Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress Plugin Funnelforms Free Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress Plugin Funnelforms Free Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...
PT-2023-32090 · WordPress · Funnelforms Free
Name of the Vulnerable Software and Affected Versions: Funnelforms Free plugin for WordPress versions up to, and including, 3.4 Description: The issue allows authenticated attackers with subscriber-level permissions and above to modify data without authorization. This is due to a missing capabili...
PT-2023-32085 · WordPress · Funnelforms Free
Name of the Vulnerable Software and Affected Versions: Funnelforms Free plugin for WordPress versions up to, and including, 3.4 Description: The issue allows authenticated attackers with subscriber-level permissions and above to modify data without authorization due to a missing capability check ...