Lucene search
K

3 matches found

Vulnrichment
Vulnrichment
added 2024/08/28 11:31 a.m.21 views

CVE-2024-7447 Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free <= 3.7.3.2 - Missing Authorization to Unauthenticated Arbitrary Media Upload

The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'fnsfaf2handelfileupload' function in all versions up to, and including, 3.7.3.2. Th...

5.3CVSS7.2AI score0.00402EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/08/28 11:31 a.m.39 views

CVE-2024-7447 Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free <= 3.7.3.2 - Missing Authorization to Unauthenticated Arbitrary Media Upload

The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'fnsfaf2handelfileupload' function in all versions up to, and including, 3.7.3.2. Th...

5.3CVSS0.00402EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/08/28 12:0 a.m.9 views

WordPress Funnelforms Free Plugin <= 3.7.3.2 is vulnerable to Broken Access Control

Software Funnelforms Free Type Plugin Vulnerable versions = 3.7.3.2 Fixed in 3.7.4.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-7447 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 87b385c8e3d6 Credits Lucio Sá Required privile...

5.3CVSS6.6AI score0.00402EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder