VYPR
Vendor

Funnelforms

Products
1
CVEs
17
Across products
17
Status
Private

Products

1

Recent CVEs

17
  • CVE-2024-10587HigDec 4, 2024
    risk 0.57cvss 8.8epss 0.01

    The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.7.5.1 via deserialization of untrusted input. This makes it possible for…

  • CVE-2024-6312MedAug 28, 2024
    risk 0.43cvss 6.5epss 0.01

    The Funnelforms Free plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 3.7.3.2 via the 'af2DeleteFontFile' function. This is due to the plugin not properly validating a file or its path prior to deleting it. This makes it…

  • CVE-2025-62758MedDec 31, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Funnelforms Funnelforms Free funnelforms-free allows DOM-Based XSS.This issue affects Funnelforms Free: from n/a through <= 3.8.

  • CVE-2023-5386MedNov 22, 2023
    risk 0.35cvss 6.5epss 0.00

    The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_delete_posts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level…

  • CVE-2023-5382MedNov 22, 2023
    risk 0.35cvss 6.5epss 0.00

    The Funnelforms Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4. This is due to missing or incorrect nonce validation on the fnsf_delete_posts function. This makes it possible for unauthenticated attackers to delete…

  • CVE-2025-68582MedDec 24, 2025
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in Funnelforms Funnelforms Free funnelforms-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Funnelforms Free: from n/a through <= 3.8.

  • CVE-2023-5419MedNov 22, 2023
    risk 0.21cvss 4.3epss 0.00

    The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_af2_test_mail function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level…

  • CVE-2023-5417MedNov 22, 2023
    risk 0.21cvss 4.3epss 0.00

    The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_update_category function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level…

  • CVE-2023-5416MedNov 22, 2023
    risk 0.21cvss 4.3epss 0.00

    The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_delete_category function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level…

  • CVE-2023-5415MedNov 22, 2023
    risk 0.21cvss 4.3epss 0.00

    The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_add_category function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level…

  • CVE-2023-5411MedNov 22, 2023
    risk 0.21cvss 4.3epss 0.00

    The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_af2_save_post function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level…

  • CVE-2023-5387MedNov 22, 2023
    risk 0.21cvss 4.3epss 0.00

    The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_af2_trigger_dark_mode function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with…

  • CVE-2023-5385MedNov 22, 2023
    risk 0.21cvss 4.3epss 0.00

    The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_copy_posts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level…

  • CVE-2023-5383MedNov 22, 2023
    risk 0.21cvss 4.3epss 0.00

    The Funnelforms Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4. This is due to missing or incorrect nonce validation on the fnsf_copy_posts function. This makes it possible for unauthenticated attackers to create…

  • CVE-2024-6311Aug 28, 2024
    risk 0.01cvss epss 0.01

    The Funnelforms Free plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'af2_add_font' function in all versions up to, and including, 3.7.3.2. This makes it possible for authenticated attackers, with administrator-level and…

  • CVE-2024-5857Aug 29, 2024
    risk 0.00cvss epss 0.00

    The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the af2_handel_file_remove AJAX action in all versions up to, and including,…

  • CVE-2024-7447Aug 28, 2024
    risk 0.00cvss epss 0.00

    The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'fnsf_af2_handel_file_upload' function in all versions up to,…