2 matches found
CVE-2019-25151
The Funnel Builder plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the activateplugin function in versions up to, and including, 1.3.0. This makes it possible for authenticated attackers to activate any plugin on the vulnerable service...
CVE-2019-25151
The CVE-2019-25151 issue affects the Funnel Builder plugin for WordPress, specifically versions up to and including 1.3.0. The root cause is a missing capability check in the activate_plugin function, which enables an authenticated attacker to bypass authorization and activate any plugin on the v...