26 matches found
EUVD-2023-57726
Malicious code in bioql PyPI...
EUVD-2023-57731
Malicious code in bioql PyPI...
EUVD-2023-57701
Malicious code in bioql PyPI...
EUVD-2023-57734
Malicious code in bioql PyPI...
EUVD-2024-47427
Malicious code in bioql PyPI...
CVE-2023-5416
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfdeletecategory function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above,...
CVE-2023-5415
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfaddcategory function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...
CVE-2023-5417
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfupdatecategory function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above,...
CVE-2023-5386
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfdeleteposts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...
CVE-2023-5387
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfaf2triggerdarkmode function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and...
CVE-2023-5385
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfcopyposts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...
CVE-2023-5383
The Funnelforms Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4. This is due to missing or incorrect nonce validation on the fnsfcopyposts function. This makes it possible for unauthenticated attackers to create copies of arbitrary posts...
CVE-2024-5857
The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the af2handelfileremove AJAX action in all versions up to, and including, 3.7.3.2. This makes it...
CVE-2024-6311 Funnelforms Free <= 3.7.3.2 - Authenticated (Administrator+) Arbitrary File Upload
The Funnelforms Free plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'af2addfont' function in all versions up to, and including, 3.7.3.2. This makes it possible for authenticated attackers, with administrator-level and above permissions, to...
CVE-2024-6311
CVE-2024-6311 affects Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free (WordPress) prior to 3.7.3.2. Root cause: missing file type validation in af2_add_font enables an authenticated user with Administrator+ rights to upload arbitrary files to the se...
CVE-2024-6312
CVE-2024-6312 affects the Funnelforms Free WordPress plugin (up to version 3.7.3.2). The flaw is in af2DeleteFontFile where the plugin does not validate the target file/path before deletion, allowing unauthenticated attackers to delete arbitrary files (including wp-config.php), enabling site take...
CVE-2023-5417
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfupdatecategory function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above,...
Design/Logic Flaw
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfaddcategory function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...
Cross site request forgery (csrf)
The Funnelforms Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4. This is due to missing or incorrect nonce validation on the fnsfcopyposts function. This makes it possible for unauthenticated attackers to create copies of arbitrary posts...
Design/Logic Flaw
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfdeletecategory function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above,...