Funnelforms Funnelforms Free — known CVE vulnerabilities
Every CVE whose affected-product data names Funnelforms Funnelforms Free, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2024-6311 — CVSS 7.2 (high): The Funnelforms Free plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'af2_add_font'…
CVE-2023-5990 — CVSS 6.5 (medium): The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor WordPress plugin before 3.4.2 does not have CSRF checks on…
CVE-2024-6312 — CVSS 6.5 (medium): The Funnelforms Free plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 3.7.3.2 via the…
CVE-2024-5857 — CVSS 5.3 (medium): The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to…
CVE-2024-7447 — CVSS 5.3 (medium): The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to…