CVE-2023-5411
Funnelforms Free <= 3.4 - Missing Authorization to Post Modification
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_af2_save_post function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to modify certain post values. Note that the extent of modification is limited due to fixed values passed to the wp_update_post function.
El complemento Funnelforms Free para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificación de capacidad en la función fnsf_af2_save_post en versiones hasta la 3.4 incluida. Esto hace posible que atacantes autenticados, con permisos de nivel de suscriptor y superiores, modifiquen ciertos valores de publicaciones. Tenga en cuenta que el alcance de la modificación está limitado debido a los valores fijos pasados a la función wp_update_post.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-10-04 CVE Reserved
- 2023-11-01 CVE Published
- 2024-08-02 CVE Updated
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-862: Missing Authorization
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
https://www.wordfence.com/threat-intel/vulnerabilities/id/816f5fc1-e4e6-4c0d-b222-fe733f026e33?source=cve | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://plugins.trac.wordpress.org/changeset/2986938/funnelforms-free | 2023-11-27 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Funnelforms Search vendor "Funnelforms" | Funnelforms Search vendor "Funnelforms" for product "Funnelforms" | <= 3.4 Search vendor "Funnelforms" for product "Funnelforms" and version " <= 3.4" | free, wordpress |
Affected
|