2 matches found
CVE-2023-5382
CVE-2023-5382 affects the Funnelforms Free WordPress plugin. The issue is Cross-Site Request Forgery due to missing or improper nonce validation in the fnsf_delete_posts function, allowing unauthenticated attackers to trigger post deletions by deceiving an admin (for example via a forged link). A...
WordPress Funnelforms Free Plugin <= 3.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software Funnelforms Free Type Plugin Vulnerable versions = 3.4 Fixed in 3.4.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-5382 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID f05b14250614 Credits Duc Manh Required...