CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2025/05/23 4:31 a.m.•4 views

CVE-2023-5387

The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfaf2triggerdarkmode function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and...

4.3CVSS6.5AI score0.00403EPSS

RedhatCVE•added 2025/05/23 4:31 a.m.•12 views

CVE-2023-5385

The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfcopyposts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...

4.3CVSS6.6AI score0.00395EPSS

RedhatCVE•added 2025/05/23 4:31 a.m.•5 views

CVE-2023-5383

The Funnelforms Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4. This is due to missing or incorrect nonce validation on the fnsfcopyposts function. This makes it possible for unauthenticated attackers to create copies of arbitrary posts...

4.3CVSS6.7AI score0.00234EPSS

RedhatCVE•added 2025/05/23 2:39 a.m.•4 views

CVE-2023-5419

The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfaf2testmail function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...

4.3CVSS6AI score0.00395EPSS

RedhatCVE•added 2025/02/05 5:8 a.m.•5 views

CVE-2024-10587

The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.7.5.1 via deserialization of untrusted input. This makes it possible for authenticated attackers,...

8.8CVSS7.5AI score0.00605EPSS

RedhatCVE•added 2025/02/05 3:8 a.m.•14 views

CVE-2024-6311

The Funnelforms Free plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'af2addfont' function in all versions up to, and including, 3.7.3.2. This makes it possible for authenticated attackers, with administrator-level and above permissions, to...

7.2CVSS7.7AI score0.00907EPSS

Vulnrichment•added 2024/12/04 2:40 a.m.•10 views

CVE-2024-10587 Funnelforms Free <= 3.7.5.1 - Authenticated (Contributor+) PHP Object Injection

8.8CVSS7.5AI score0.00605EPSS

Cvelist•added 2024/12/04 2:40 a.m.•16 views

CVE-2024-10587 Funnelforms Free <= 3.7.5.1 - Authenticated (Contributor+) PHP Object Injection

8.8CVSS0.00605EPSS

CNNVD•added 2024/12/04 12:0 a.m.•2 views

WordPress plugin Funnelforms Free 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

8.8CVSS8.5AI score0.00605EPSS

Patchstack•added 2024/12/03 2:48 p.m.•2 views

WordPress Funnelforms Free plugin <= 3.7.5.1 - Authenticated (Contributor+) PHP Object Injection vulnerability

Authenticated Contributor+ PHP Object Injection vulnerability discovered by Peter Thaleikis in WordPress Plugin Funnelforms Free versions = 3.7.5.1...

8.8CVSS7.3AI score0.00605EPSS

Exploits0References1Affected Software1

NVD•added 2024/08/29 11:15 a.m.•20 views

CVE-2024-5857

The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the af2handelfileremove AJAX action in all versions up to, and including, 3.7.3.2. This makes it...

5.3CVSS0.00317EPSS

Vulnrichment•added 2024/08/29 3:30 a.m.•14 views

CVE-2024-5857 Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free <= 3.7.3.2 - Missing Authorization to Unauthenticated Arbitrary Media Deletion

5.3CVSS5.2AI score0.00317EPSS

CNNVD•added 2024/08/29 12:0 a.m.•1 views

WordPress plugin Funnelforms Free 安全漏洞

5.3CVSS6.5AI score0.00317EPSS

NVD•added 2024/08/28 12:15 p.m.•25 views

CVE-2024-7447

The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'fnsfaf2handelfileupload' function in all versions up to, and including, 3.7.3.2. Th...

5.3CVSS0.00402EPSS

CVE•added 2024/08/28 11:31 a.m.•56 views

CVE-2024-7447

CVE-2024-7447 affects the Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free (WordPress). The vulnerability is due to a missing capability check in fnsf_af2_handel_file_upload, affecting all versions up to 3.7.3.2. This allows unauthenticated attackers...

5.3CVSS5.7AI score0.00402EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2024/08/28 11:31 a.m.•19 views

CVE-2024-7447 Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free <= 3.7.3.2 - Missing Authorization to Unauthenticated Arbitrary Media Upload

5.3CVSS7.2AI score0.00402EPSS

Cvelist•added 2024/08/28 11:31 a.m.•36 views

CVE-2024-7447 Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free <= 3.7.3.2 - Missing Authorization to Unauthenticated Arbitrary Media Upload

5.3CVSS0.00402EPSS

NVD•added 2024/08/28 7:15 a.m.•18 views

CVE-2024-6312

The Funnelforms Free plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 3.7.3.2 via the 'af2DeleteFontFile' function. This is due to the plugin not properly validating a file or its path prior to deleting it. This makes it possible for authenticate...

6.5CVSS0.0108EPSS

OSV•added 2024/08/28 7:15 a.m.•3 views

CVE-2024-6311

7.2CVSS6.4AI score0.00907EPSS