3 matches found
CVE-2023-5386
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfdeleteposts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...
CVE-2023-5386
CVE-2023-5386 affects the Funnelforms Free WordPress plugin (versions up to and including 3.4). Root cause: missing capability check in fnsf_delete_posts, enabling authenticated users with subscriber-level permissions and above to modify data and delete arbitrary posts, including administrator po...
CVE-2023-5386 Funnelforms Free <= 3.4 - Missing Authorization to Arbitrary Post Deletion
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfdeleteposts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...