Funnelforms Free@3.7.3.2 Security Vulnerabilities and Issues — Funnelforms Free@3.7.3.2 CVE List

Lucene search

FunnelformsFunnelforms Free3.7.3.2

2 matches found

CVE•added 2024/08/28 7:15 a.m.•44 views

CVE-2024-6311

The Funnelforms Free plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'af2_add_font' function in all versions up to, and including, 3.7.3.2. This makes it possible for authenticated attackers, with administrator-level and above permissions, to ...

7.2CVSS7.3AI score0.0344EPSS

CVE•added 2024/08/28 7:15 a.m.•43 views

CVE-2024-6312

The Funnelforms Free plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 3.7.3.2 via the 'af2DeleteFontFile' function. This is due to the plugin not properly validating a file or its path prior to deleting it. This makes it possible for unauthenticate...

6.5CVSS7AI score0.13748EPSS