CVE-2023-5387
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_af2_trigger_dark_mode function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and...
Design/Logic Flaw
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_af2_save_post function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...
Design/Logic Flaw
The UserPro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.1.1. This makes it possible for unauthenticated attackers to add, modify, or delete use...
Design/Logic Flaw
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_delete_posts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...
Design/Logic Flaw
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfaf2testmail function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...
Design/Logic Flaw
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_update_category function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above,...
Design/Logic Flaw
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfcopyposts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...
CVE-2023-5387 Funnelforms Free <= 3.4 - Missing Authorization to Enable/Disable Dark Mode
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_af2_trigger_dark_mode function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and...
CVE-2023-5387
CVE-2023-5387 affects the WordPress plugin Funnelforms Free (up to version 3.4). The root cause is a missing capability check in the function fnsf_af2_trigger_dark_mode, allowing authenticated users with subscriber-level permissions and above to remotely enable or disable the plugin’s dark mode ...
CVE-2023-5416 Funnelforms Free <= 3.4 - Missing Authorization to Category Deletion
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_delete_category function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above,...
CVE-2023-5416
CVE-2023-5416 affects Funnelforms Free for WordPress. The vulnerability is a missing capability check in fnsf_delete_category, allowing authenticated users with subscriber-level permissions and above to delete categories. Affected versions are up to and including 3.4. Connected sources indicate p...
CVE-2023-5411
CVE-2023-5411 affects Funnelforms Free for WordPress (versions up to 3.4). Root cause: missing capability check in fnsf_af2_save_post, enabling authenticated users with subscriber-level permissions or higher to modify certain post values. Impact is constrained by fixed values passed to wp_update_...
CVE-2023-5411 Funnelforms Free <= 3.4 - Missing Authorization to Post Modification
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_af2_save_post function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...
CVE-2023-5415 Funnelforms Free <= 3.4 - Missing Authorization to New Category Creation
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_add_category function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...
CVE-2023-5415
CVE-2023-5415 concerns the WordPress plugin Funnelforms Free. The vulnerability arises from a missing capability check in the fnsf_add_category function, allowing authenticated users with subscriber-level permissions and above to add new categories. Affected: Funnelforms Free (WordPress plugin) u...
CVE-2023-6007 UserPro <= 5.1.1 - Missing Authorization via multiple functions
The UserPro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.1.1. This makes it possible for unauthenticated attackers to add, modify, or delete use...
CVE-2023-5419 Funnelforms Free <= 3.4 - Missing Authorization to Test Email Sending
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfaf2testmail function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...
CVE-2023-6007
CVE-2023-6007 affects the WordPress plugin UserPro – Community and User Profile WordPress Plugin. Root cause: a missing capability check on multiple functions in all versions up to 5.1.1, allowing unauthenticated attackers to perform data access and manipulation. Impact (as stated): attackers ca...
CVE-2023-5386
CVE-2023-5386 affects the Funnelforms Free WordPress plugin (versions up to and including 3.4). Root cause: missing capability check in fnsf_delete_posts, enabling authenticated users with subscriber-level permissions and above to modify data and delete arbitrary posts, including administrator po...
CVE-2023-5417
The CVE-2023-5417 entry concerns Funnelforms Free for WordPress. A missing capability check in the fnsf_update_category function affects versions up to and including 3.4, allowing authenticated attackers with subscriber-level permissions and above to modify the Funnelforms category for a given po...