2 matches found
CVE-2023-5411
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfaf2savepost function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...
CVE-2023-5411
CVE-2023-5411 affects Funnelforms Free for WordPress (versions up to 3.4). Root cause: missing capability check in fnsf_af2_save_post, enabling authenticated users with subscriber-level permissions or higher to modify certain post values. Impact is constrained by fixed values passed to wp_update_...