CVE-2023-5411 - Exploiting the Funnelforms Free Plugin’s Unchecked Permissions (Up to v3.4)
The WordPress ecosystem is fantastic, but sometimes plugins introduce serious security risks. One such case is addressed by CVE-2023-5411, which affects the popular Funnelforms Free
CVE-2023-5419 - How Funnelforms Free Plugin for WordPress Lets Subscribers Send Emails Anywhere
WordPress powers more than 40% of the web, but plugins like Funnelforms Free can put your site at risk. CVE-2023-5419 is one of those vulnerabilities
CVE-2023-5417 - Exploiting Improper Capability Checks in Funnelforms Free WordPress Plugin
If you run a WordPress website and use the popular Funnelforms Free plugin, you need to read this: a vulnerability has been found in versions
CVE-2023-5386 - How a Funnelforms Free Plugin Flaw Lets Any Subscriber Delete Your WordPress Posts
Date Discovered: October 2023
Affected Plugin: Funnelforms Free for WordPress
Vulnerable Version: Up to and including 3.4
CVSS Score: 8.8 (High)
Original Advisory:
CVE-2023-5383 - Exploiting WordPress Funnelforms Free Plugin CSRF Vulnerability (Versions ≤ 3.4)
---
Published: June 2024
Affected Plugin: Funnelforms Free (≤ 3.4)
Vulnerability: Cross-Site Request Forgery (CSRF)
CVE: CVE-2023-5383
Severity: Medium
Impact: Unauthorized copying of arbitrary posts