3 matches found
CVE-2024-6311 Funnelforms Free <= 3.7.3.2 - Authenticated (Administrator+) Arbitrary File Upload
The Funnelforms Free plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'af2addfont' function in all versions up to, and including, 3.7.3.2. This makes it possible for authenticated attackers, with administrator-level and above permissions, to...
CVE-2024-6311
CVE-2024-6311 affects Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free (WordPress) prior to 3.7.3.2. Root cause: missing file type validation in af2_add_font enables an authenticated user with Administrator+ rights to upload arbitrary files to the se...
WordPress Funnelforms Free Plugin <= 3.7.3.2 is vulnerable to Arbitrary File Upload
Software Funnelforms Free Type Plugin Vulnerable versions = 3.7.3.2 Fixed in 3.7.4.1 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-6311 Patch priority Low CVSS severity Low 6.6 Developer Claim ownership PSID a49e53d16951 Credits István Márton Required privilege...