Lucene search
+L

3 matches found

Cvelist
Cvelist
added 2024/08/29 3:30 a.m.35 views

CVE-2024-5857 Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free <= 3.7.3.2 - Missing Authorization to Unauthenticated Arbitrary Media Deletion

The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the af2handelfileremove AJAX action in all versions up to, and including, 3.7.3.2. This makes it...

5.3CVSS0.00317EPSS
Exploits0References2
CVE
CVE
added 2024/08/29 3:30 a.m.58 views

CVE-2024-5857

CVE-2024-5857 affects Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free (WordPress). A missing capability check on the af2_handel_file_remove AJAX action in all versions up to 3.7.3.2 allows unauthenticated attackers to delete arbitrary media files. C...

5.3CVSS5.6AI score0.00317EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/08/29 3:30 a.m.17 views

CVE-2024-5857 Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free <= 3.7.3.2 - Missing Authorization to Unauthenticated Arbitrary Media Deletion

The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the af2handelfileremove AJAX action in all versions up to, and including, 3.7.3.2. This makes it...

5.3CVSS5.2AI score0.00317EPSS
Exploits0References2
Rows per page
Query Builder