CVE-2023-5417

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Nov 22, 2023

Updated: Nov 27, 2023

CWE ID 862

Summary

CVE-2023-5417 is a vulnerability affecting the Funnelforms Free plugin for WordPress. This issue stems from a missing capability check on the 'fnsf_update_category' function, which is present in versions 3.4 and below. Consequently, authenticated attackers with subscriber-level permissions and above can exploit this vulnerability to modify the Funnelforms category for a specified post ID, posing a significant risk to data integrity.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/s5J-wk
https://www.cve.org/CVERecord?id=CVE-2023-5417
https://nvd.nist.gov/vuln/detail/CVE-2023-5417

Back to Vulnerability Database

CVE-2023-5417

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations