CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5417 – Funnelforms Free <= 3.4 - Missing Authorization to Category Update
https://notcve.org/view.php?id=CVE-2023-5417
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_update_category function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to modify the Funnelforms category for a given post ID. El complemento Funnelforms Free para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificación de capacidad en la función fnsf_update_category en versiones hasta la 3.4 incluida. Esto hace posible que atacantes autenticados, con permisos de nivel de suscriptor y superiores, modifiquen la categoría Funnelforms para una ID de publicación determinada. • https://plugins.trac.wordpress.org/changeset/2986938/funnelforms-free https://www.wordfence.com/threat-intel/vulnerabilities/id/148794ea-3bc9-4084-bdb9-6ee63a781a39?source=cve • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5415 – Funnelforms Free <= 3.4 - Missing Authorization to New Category Creation
https://notcve.org/view.php?id=CVE-2023-5415
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_add_category function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to add new categories. El complemento Funnelforms Free para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificación de capacidad en la función fnsf_add_category en versiones hasta la 3.4 incluida. Esto hace posible que los atacantes autenticados, con permisos de nivel de suscriptor y superiores, agreguen nuevas categorías. • https://plugins.trac.wordpress.org/changeset/2986938/funnelforms-free https://www.wordfence.com/threat-intel/vulnerabilities/id/6ec3051e-a5e4-48ee-8f8e-eb5dbc482f33?source=cve • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5411 – Funnelforms Free <= 3.4 - Missing Authorization to Post Modification
https://notcve.org/view.php?id=CVE-2023-5411
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_af2_save_post function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to modify certain post values. Note that the extent of modification is limited due to fixed values passed to the wp_update_post function. El complemento Funnelforms Free para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificación de capacidad en la función fnsf_af2_save_post en versiones hasta la 3.4 incluida. Esto hace posible que atacantes autenticados, con permisos de nivel de suscriptor y superiores, modifiquen ciertos valores de publicaciones. • https://plugins.trac.wordpress.org/changeset/2986938/funnelforms-free https://www.wordfence.com/threat-intel/vulnerabilities/id/816f5fc1-e4e6-4c0d-b222-fe733f026e33?source=cve • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5416 – Funnelforms Free <= 3.4 - Missing Authorization to Category Deletion
https://notcve.org/view.php?id=CVE-2023-5416
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_delete_category function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete categories. El complemento Funnelforms Free para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificación de capacidad en la función fnsf_delete_category en versiones hasta la 3.4 incluida. Esto hace posible que los atacantes autenticados, con permisos de nivel de suscriptor y superiores, eliminen categorías. • https://plugins.trac.wordpress.org/changeset/2986938/funnelforms-free https://www.wordfence.com/threat-intel/vulnerabilities/id/992fc98f-4b23-4596-81fb-5543d82fd615?source=cve • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5383 – Funnelforms Free <= 3.4 - Cross-Site Request Forgery to Arbitrary Post Duplication
https://notcve.org/view.php?id=CVE-2023-5383
The Funnelforms Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4. This is due to missing or incorrect nonce validation on the fnsf_copy_posts function. This makes it possible for unauthenticated attackers to create copies of arbitrary posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. El complemento Funnelforms Free para WordPress es vulnerable a Cross-Site Request Forgery en versiones hasta la 3.4 incluida. Esto se debe a una validación nonce faltante o incorrecta en la función fnsf_copy_posts. • https://plugins.trac.wordpress.org/changeset/2986938/funnelforms-free https://www.wordfence.com/threat-intel/vulnerabilities/id/d35ec0f0-fa7a-4531-b5f7-5adcf2af051c?source=cve • CWE-352: Cross-Site Request Forgery (CSRF) •