CVE-2023-5382 – Funnelforms Free <= 3.4 - Cross-Site Request Forgery to Arbitrary Post Deletion
https://notcve.org/view.php?id=CVE-2023-5382
01 Nov 2023 — The Funnelforms Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4. This is due to missing or incorrect nonce validation on the fnsf_delete_posts function. This makes it possible for unauthenticated attackers to delete arbitrary posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://plugins.trac.wordpress.org/changeset/2986938/funnelforms-free • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2023-5383 – Funnelforms Free <= 3.4 - Cross-Site Request Forgery to Arbitrary Post Duplication
https://notcve.org/view.php?id=CVE-2023-5383
01 Nov 2023 — The Funnelforms Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4. This is due to missing or incorrect nonce validation on the fnsf_copy_posts function. This makes it possible for unauthenticated attackers to create copies of arbitrary posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://plugins.trac.wordpress.org/changeset/2986938/funnelforms-free • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2023-5385 – Funnelforms Free <= 3.4 - Missing Authorization to Arbitrary Post Duplication
https://notcve.org/view.php?id=CVE-2023-5385
01 Nov 2023 — The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_copy_posts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to create copies of arbitrary posts. • https://plugins.trac.wordpress.org/changeset/2986938/funnelforms-free • CWE-862: Missing Authorization
CVE-2023-5387 – Funnelforms Free <= 3.4 - Missing Authorization to Enable/Disable Dark Mode
https://notcve.org/view.php?id=CVE-2023-5387
01 Nov 2023 — The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_af2_trigger_dark_mode function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to enable or disable the dark mode plugin setting. • https://plugins.trac.wordpress.org/changeset/2986938/funnelforms-free • CWE-862: Missing Authorization
CVE-2023-5411 – Funnelforms Free <= 3.4 - Missing Authorization to Post Modification
https://notcve.org/view.php?id=CVE-2023-5411
01 Nov 2023 — The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_af2_save_post function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to modify certain post values. Note that the extent of modification is limited due to fixed values passed to the wp_update_post function. • https://plugins.trac.wordpress.org/changeset/2986938/funnelforms-free • CWE-862: Missing Authorization
CVE-2023-5415 – Funnelforms Free <= 3.4 - Missing Authorization to New Category Creation
https://notcve.org/view.php?id=CVE-2023-5415
01 Nov 2023 — The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_add_category function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to add new categories. • https://plugins.trac.wordpress.org/changeset/2986938/funnelforms-free • CWE-862: Missing Authorization
CVE-2023-5416 – Funnelforms Free <= 3.4 - Missing Authorization to Category Deletion
https://notcve.org/view.php?id=CVE-2023-5416
01 Nov 2023 — The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_delete_category function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete categories. • https://plugins.trac.wordpress.org/changeset/2986938/funnelforms-free • CWE-862: Missing Authorization
CVE-2023-5417 – Funnelforms Free <= 3.4 - Missing Authorization to Category Update
https://notcve.org/view.php?id=CVE-2023-5417
01 Nov 2023 — The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_update_category function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to modify the Funnelforms category for a given post ID. • https://plugins.trac.wordpress.org/changeset/2986938/funnelforms-free • CWE-862: Missing Authorization
CVE-2023-5419 – Funnelforms Free <= 3.4 - Missing Authorization to Test Email Sending
https://notcve.org/view.php?id=CVE-2023-5419
01 Nov 2023 — The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_af2_test_mail function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to send test emails to an arbitrary email address. • https://plugins.trac.wordpress.org/changeset/2986938/funnelforms-free • CWE-862: Missing Authorization
CVE-2023-5386 – Funnelforms Free <= 3.4 - Missing Authorization to Arbitrary Post Deletion
https://notcve.org/view.php?id=CVE-2023-5386
01 Nov 2023 — The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_delete_posts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete arbitrary posts, including administrator posts, and posts not related to the Funnelforms Free plugin. • https://plugins.trac.wordpress.org/changeset/2986938/funnelforms-free • CWE-862: Missing Authorization