229 matches found
CVE-2025-2203
The CVE concerns the FunnelKit WordPress plugin, affected versions prior to 3.10.2. The root cause is that a parameter is not sanitized/escaped before being used in an SQL statement, enabling SQL injection by admins. Documented impact is server-side data exposure/manipulation via unauthenticated ...
CVE-2025-2203 WooCommerce Checkout & Funnel Builder by FunnelKit < 3.10.2 - Admin+ SQL Injection
The FunnelKit WordPress plugin before 3.10.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks...
PT-2025-21565 · WordPress · Funnelkit
Name of the Vulnerable Software and Affected Versions: FunnelKit WordPress plugin versions prior to 3.10.2 Description: The issue allows administrators to perform SQL injection attacks due to a parameter not being sanitized and escaped before use in a SQL statement. Recommendations: For versions...
WordPress plugin FunnelKit security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
CVE-2025-30795
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Aman FunnelKit Automations wp-marketing-automations allows Phishing. This issue affects FunnelKit Automations: from n/a through <= 3.5.1...
CVE-2025-30795
CVE-2025-30795 is an Open Redirect affecting FunnelKit Automations (Autonami). Affected: FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce, up to version 3.5.1. The connected document indicates the vulnerability was patched (Patch Status: Patched). Impact is d...
WordPress Automation By Autonami plugin <= 3.5.1 - Open Redirection vulnerability
Open Redirection vulnerability discovered by Le Ngoc Anh in WordPress Plugin FunnelKit Automations versions <= 3.5.1...
WordPress Automation By Autonami plugin <= 3.5.1 - Unauthenticated SQL Injection via 'automationId' vulnerability
Unauthenticated SQL Injection via 'automationId' vulnerability discovered by mikemyers in WordPress Plugin FunnelKit Automations versions <= 3.5.1...
CVE-2025-2186
The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin for WordPress is vulnerable to SQL Injection via the ‘automationId’ parameter in all versions up to, and including, 3.5.1 due to insufficient escaping on the user supplied parameter and...
CVE-2025-2186 Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit <= 3.5.1 - Unauthenticated SQL Injection via 'automationId'
The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin for WordPress is vulnerable to SQL Injection via the ‘automationId’ parameter in all versions up to, and including, 3.5.1 due to insufficient escaping on the user supplied parameter and...
WordPress plugin Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. WordPress plugin Recover WooCommerce Cart Abandonment, Newsletter,...
CVE-2024-13675
The SlingBlocks – Gutenberg Blocks by FunnelKit Formerly WooFunnels plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "Icon List" Block in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-26979
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Aman Funnel Builder by FunnelKit funnel-builder allows PHP Local File Inclusion. This issue affects Funnel Builder by FunnelKit: from n/a through <= 3.9.0...
CVE-2025-26979 WordPress Funnel Builder by FunnelKit plugin <= 3.9.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Aman Funnel Builder by FunnelKit funnel-builder allows PHP Local File Inclusion. This issue affects Funnel Builder by FunnelKit: from n/a through <= 3.9.0...
CVE-2025-26979
CVE-2025-26979 is an authentication-free Local File Inclusion (LFI) vulnerability in FunnelKit Funnel Builder for WooCommerce Checkout, affecting Funnel Builder by FunnelKit up to version 3.9.0. The initial description identifies an Improper Control of Filename for Include/Require in PHP, describe...
WordPress plugin Funnel Builder by FunnelKit security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...