CVE-2023-5383 - Exploiting WordPress Funnelforms Free Plugin CSRF Vulnerability (Versions ≤ 3.4)
---
Published: June 2024
Affected Plugin: Funnelforms Free (≤ 3.4)
Vulnerability: Cross-Site Request Forgery (CSRF)
CVE: CVE-2023-5383
Severity: Medium
Impact: Unauthorized copying of arbitrary posts
CVE-2023-5386 - How a Funnelforms Free Plugin Flaw Lets Any Subscriber Delete Your WordPress Posts
Date Discovered: October 2023
Affected Plugin: Funnelforms Free for WordPress
Vulnerable Version: Up to and including 3.4
CVSS Score: 8.8 (High)
Original Advisory:
CVE-2023-5416 - How a Simple Missing Capability Check in Funnelforms Free Lets Any User Delete Your Categories
In the world of WordPress plugins, security mistakes can have massive consequences. In late 2023, a critical flaw was discovered in the popular Funnelforms Free
Episode
00:00:00
00:00:00