CVE-2023-5417
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Published Nov 22, 2023
Updated: Nov 27, 2023
CWE ID 862
Summary
CVE-2023-5417 is a vulnerability affecting the Funnelforms Free plugin for WordPress. This issue stems from a missing capability check on the 'fnsf_update_category' function, which is present in versions 3.4 and below. Consequently, authenticated attackers with subscriber-level permissions and above can exploit this vulnerability to modify the Funnelforms category for a specified post ID, posing a significant risk to data integrity.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share