
Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 11 | Critical: 0 | High: 0 | Medium: 11
Showing 1-11 of 11 records
Threat Entry Updated 2024-11-21

CVE-2023-5419 - Funnelforms Plugin

The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_af2_test_mail function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to send test emails to an arbitrary email address.

PLUGIN Funnelforms

CVE-2023-5419

MEDIUM CVSS 4.3 2023-11-22
Threat Entry Updated 2024-11-21

CVE-2023-5417 - Funnelforms Plugin

The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_update_category function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to modify the Funnelforms category for a given post ID.

PLUGIN Funnelforms

CVE-2023-5417

MEDIUM CVSS 4.3 2023-11-22
Threat Entry Updated 2024-11-21

CVE-2023-5416 - Funnelforms Plugin

The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_delete_category function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete categories.

PLUGIN Funnelforms

CVE-2023-5416

MEDIUM CVSS 4.3 2023-11-22
Threat Entry Updated 2024-11-21

CVE-2023-5415 - Funnelforms Plugin

The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_add_category function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to add new categories.

PLUGIN Funnelforms

CVE-2023-5415

MEDIUM CVSS 4.3 2023-11-22
Threat Entry Updated 2024-11-21

CVE-2023-5411 - Funnelforms Plugin

The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_af2_save_post function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to modify certain post values. Note that the extent of modification is limited due to fixed values passed to the wp_update_post function.

PLUGIN Funnelforms

CVE-2023-5411

MEDIUM CVSS 4.3 2023-11-22
Threat Entry Updated 2024-11-21

CVE-2023-5386 - Funnelforms Plugin

The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_delete_posts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete arbitrary posts, including administrator posts, and posts not related to the Funnelforms Free plugin.

PLUGIN Funnelforms

CVE-2023-5386

MEDIUM CVSS 6.5 2023-11-22
Threat Entry Updated 2024-11-21

CVE-2023-5382 - Funnelforms Plugin

The Funnelforms Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4. This is due to missing or incorrect nonce validation on the fnsf_delete_posts function. This makes it possible for unauthenticated attackers to delete arbitrary posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Funnelforms

CVE-2023-5382

MEDIUM CVSS 6.5 2023-11-22
Threat Entry Updated 2024-11-21

CVE-2023-5387 - Funnelforms Plugin

The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_af2_trigger_dark_mode function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to enable or disable the dark mode plugin setting.

PLUGIN Funnelforms

CVE-2023-5387

MEDIUM CVSS 4.3 2023-11-22
Threat Entry Updated 2024-11-21

CVE-2023-5385 - Funnelforms Plugin

The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_copy_posts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to create copies of arbitrary posts.

PLUGIN Funnelforms

CVE-2023-5385

MEDIUM CVSS 4.3 2023-11-22
Threat Entry Updated 2024-11-21

CVE-2023-5383 - Funnelforms Plugin

The Funnelforms Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4. This is due to missing or incorrect nonce validation on the fnsf_copy_posts function. This makes it possible for unauthenticated attackers to create copies of arbitrary posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Funnelforms

CVE-2023-5383

MEDIUM CVSS 4.3 2023-11-22
Threat Entry Updated 2025-04-23

CVE-2023-4950 - Funnelforms Plugin

The Interactive Contact Form and Multi Step Form Builder WordPress plugin before 3.4 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks.

PLUGIN Funnelforms

CVE-2023-4950

MEDIUM CVSS 6.1 2023-10-16