Lucene search
K

230 matches found

CNNVD
CNNVD
added 2025/08/20 12:0 a.m.5 views

WordPress plugin Funnel Builder by FunnelKit 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

7.5CVSS6.8AI score0.00469EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/08/20 12:0 a.m.9 views

PT-2025-34024 · Unknown · Funnelkit Funnel Builder

Name of the Vulnerable Software and Affected Versions: FunnelKit Funnel Builder versions through 3.11.1 Description: This issue involves an improper control of filename for include/require statements in PHP programs, specifically a PHP Local File Inclusion vulnerability within FunnelKit Funnel...

7.5CVSS6.6AI score0.00469EPSS
Exploits0References5
Patchstack
Patchstack
added 2025/08/19 12:15 p.m.24 views

WordPress Funnel Builder by FunnelKit Plugin <= 3.11.1 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by LVT-tholv2k in WordPress Plugin Funnel Builder by FunnelKit versions = 3.11.1...

7.5CVSS6.7AI score0.00469EPSS
Exploits0Affected Software1
NVD
NVD
added 2025/08/19 8:15 a.m.6 views

CVE-2025-7654

Multiple FunnelKit plugins are vulnerable to Sensitive Information Exposure via the wfgetcookie shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including authentication cookies of other site users, which may make...

8.8CVSS0.00572EPSS
Exploits0References3
CVE
CVE
added 2025/08/19 7:26 a.m.33 views

CVE-2025-7654

CVE-2025-7654 concerns multiple FunnelKit plugins (FunnelKit Automations and FunnelKit – Funnel Builder for WooCommerce Checkout). The vulnerability is a Sensitive Information Exposure via the wf_get_cookie shortcode that authenticated attackers with Contributor-level access and above can leverag...

8.8CVSS6.6AI score0.00572EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/08/19 7:26 a.m.12 views

CVE-2025-7654 Multiple Plugins By FunnelKit <= (Various Versions) - Authenticated (Contributor+) Sensitive Information Exposure to Privilege Escalation via Woofunnel Library

Multiple FunnelKit plugins are vulnerable to Sensitive Information Exposure via the wfgetcookie shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including authentication cookies of other site users, which may make...

8.8CVSS0.00572EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/08/19 7:26 a.m.4 views

CVE-2025-7654 Multiple Plugins By FunnelKit <= (Various Versions) - Authenticated (Contributor+) Sensitive Information Exposure to Privilege Escalation via Woofunnel Library

Multiple FunnelKit plugins are vulnerable to Sensitive Information Exposure via the wfgetcookie shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including authentication cookies of other site users, which may make...

8.8CVSS7.2AI score0.00572EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/08/19 12:0 a.m.8 views

PT-2025-33711 · WordPress · Funnelkit – Funnel Builder For Woocommerce Checkout +1

Name of the Vulnerable Software and Affected Versions: FunnelKit – Funnel Builder for WooCommerce Checkout FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce Description: Multiple FunnelKit plugins are vulnerable to Sensitive Information Exposure via the wf get...

8.8CVSS6.1AI score0.00572EPSS
Exploits0References10
CNNVD
CNNVD
added 2025/08/19 12:0 a.m.2 views

wordpress plugin FunnelKit – Funnel Builder for WooCommerce Checkout和wordpress plugin FunnelKit Automations 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin ... An information disclosur...

8.8CVSS6.2AI score0.00572EPSS
Exploits0References5
Patchstack
Patchstack
added 2025/08/18 9:48 p.m.11 views

WordPress FunnelKit plugin <= 3.11.0.2 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by wesley wcraft in WordPress Plugin Funnel Builder by FunnelKit versions = 3.11.0.2...

8.8CVSS6.7AI score0.00572EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2025/07/25 12:0 a.m.5 views

WordPress Funnel Builder by FunnelKit plugin SQL Injection Vulnerability

WordPress Funnel Builder by FunnelKit plugin is a professional sales funnel builder plugin for WordPress platform, which is mainly used to optimize the WooCommerce shopping process and increase the conversion rate. The WordPress Funnel Builder by FunnelKit plugin suffers from a SQL injection...

7.6CVSS8.3AI score0.00288EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/07/18 11:54 a.m.5 views

CVE-2025-49034

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aman Funnel Builder by FunnelKit funnel-builder allows SQL Injection.This issue affects Funnel Builder by FunnelKit: from n/a through = 3.10.2...

7.6CVSS5.9AI score0.00288EPSS
Exploits0References1
NVD
NVD
added 2025/07/16 12:15 p.m.6 views

CVE-2025-49034

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aman Funnel Builder by FunnelKit funnel-builder allows SQL Injection.This issue affects Funnel Builder by FunnelKit: from n/a through = 3.10.2...

7.6CVSS0.00288EPSS
Exploits0References1
CVE
CVE
added 2025/07/16 11:27 a.m.18 views

CVE-2025-49034

CVE-2025-49034 : WordPress Funnel Builder by FunnelKit plugin (

7.6CVSS5.9AI score0.00288EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/16 11:27 a.m.3 views

CVE-2025-49034 WordPress Funnel Builder by FunnelKit plugin <= 3.10.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in FunnelKit Funnel Builder by FunnelKit allows SQL Injection. This issue affects Funnel Builder by FunnelKit: from n/a through 3.10.2...

7.6CVSS7.1AI score0.00288EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/16 11:27 a.m.11 views

CVE-2025-49034 WordPress Funnel Builder by FunnelKit plugin <= 3.10.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aman Funnel Builder by FunnelKit funnel-builder allows SQL Injection.This issue affects Funnel Builder by FunnelKit: from n/a through = 3.10.2...

7.6CVSS0.00288EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/07/16 12:0 a.m.3 views

PT-2025-29805 · Unknown · Funnelkit Funnel Builder

Name of the Vulnerable Software and Affected Versions: FunnelKit Funnel Builder versions through 3.10.2 Description: FunnelKit Funnel Builder is susceptible to a SQL injection flaw due to improper neutralization of special elements within SQL commands. This issue allows for potential SQL injectio...

7.6CVSS7.2AI score0.00288EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/07/16 12:0 a.m.4 views

WordPress plugin Funnel Builder by FunnelKit SQL注入漏洞

WordPress Funnel Builder by FunnelKit plugin is a professional sales funnel builder plugin for WordPress platform, which is mainly used to optimize the WooCommerce shopping process and increase the conversion rate. The WordPress Funnel Builder by FunnelKit plugin suffers from a SQL injection...

7.6CVSS8.2AI score0.00288EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/06/19 3:21 p.m.17 views

CVE-2025-49868

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Aman FunnelKit Automations wp-marketing-automations allows Phishing.This issue affects FunnelKit Automations: from n/a through = 3.6.0...

4.7CVSS5.9AI score0.00198EPSS
Exploits0References1
OSV
OSV
added 2025/06/18 8:15 a.m.3 views

CVE-2025-1562

The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the installoractivateaddonplugins function and a weak nonce hash in all...

9.8CVSS5.7AI score
Exploits0References6
Rows per page
Query Builder