3 matches found
CVE-2024-7447 Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free <= 3.7.3.2 - Missing Authorization to Unauthenticated Arbitrary Media Upload
The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'fnsfaf2handelfileupload' function in all versions up to, and including, 3.7.3.2. Th...
CVE-2024-7447 Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free <= 3.7.3.2 - Missing Authorization to Unauthenticated Arbitrary Media Upload
The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'fnsfaf2handelfileupload' function in all versions up to, and including, 3.7.3.2. Th...
WordPress Funnelforms Free Plugin <= 3.7.3.2 is vulnerable to Broken Access Control
Software Funnelforms Free Type Plugin Vulnerable versions = 3.7.3.2 Fixed in 3.7.4.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-7447 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 87b385c8e3d6 Credits Lucio Sá Required privile...