CVE-2023-5382 - How a Simple CSRF Bug Could Let Attackers Delete Your WordPress Posts via Funnelforms Free
---
Summary:
A Cross-Site Request Forgery (CSRF) vulnerability has been discovered in the popular Funnelforms Free WordPress plugin, affecting versions up to and including 3.
CVE-2023-5383 - Exploiting WordPress Funnelforms Free Plugin CSRF Vulnerability (Versions ≤ 3.4)
---
Published: June 2024
Affected Plugin: Funnelforms Free (≤ 3.4)
Vulnerability: Cross-Site Request Forgery (CSRF)
CVE: CVE-2023-5383
Severity: Medium
Impact: Unauthorized copying of arbitrary posts
CVE-2023-5096 - Stored XSS in WordPress “HTML filter and csv-file search” Plugin – How it Works and Exploit Example
If you’re running the popular HTML filter and csv-file search WordPress plugin (csvfilter-search), version 2.7 or lower, your site is vulnerable to a
CVE-2023-2440 - Critical Vulnerability in UserPro Plugin for WordPress: Cross-Site Request Forgery Leading to Privilege Escalation
The popular UserPro plugin for WordPress is facing a critical vulnerability due to Cross-Site Request Forgery (CSRF) in versions up to, and including, 5.1.
CVE-2023-41129 - Exploiting CSRF in Patreon WordPress Plugin (<= 1.8.6)
In September 2023, security researchers uncovered a serious Cross-Site Request Forgery (CSRF) vulnerability in the popular Patreon WordPress plugin. Tracked as CVE-2023-41129, this flaw affects