WordPress Funnel Builder by FunnelKit plugin <= 3.9.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Dimas Maulana (Patchstack Alliance) in WordPress Plugin Funnel Builder by FunnelKit versions <= 3.9.0...
CVE-2024-47328
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aman FunnelKit Automations wp-marketing-automations allows SQL Injection. This issue affects FunnelKit Automations: from n/a through <= 3.1.2...
CVE-2024-9186
The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit WordPress plugin before 3.3.0 does not sanitize and escape the bwfan-track-id parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks...
CVE-2024-9186
The CVE-2024-9186 entry concerns the WordPress plugin “Automation By Autonami” (FunnelKit Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation) fixed in version 3.3.0. The issue arises because the bwfan-track-id parameter is not sanitized/escaped before being us...
PT-2024-39476 · Funnelkit · Recover Woocommerce Cart Abandonment
Name of the Vulnerable Software and Affected Versions: Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit WordPress plugin versions prior to 3.3.0 Description: The issue allows unauthenticated users to perform SQL injection attacks due to the lack...
CVE-2024-47328
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Automation By Autonami allows SQL Injection. This issue affects Automation By Autonami: from n/a through 3.1.2...
CVE-2024-47328
CVE-2024-47328 is an SQL Injection vulnerability in the WordPress plugin FunnelKit Automation By Autonami. It affects versions up to 3.1.2 and stems from improper neutralization of SQL commands. Exploitation requires Administrator privileges, with network attack potential and impact on confident...
CVE-2024-47328 WordPress Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin <= 3.1.2 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aman FunnelKit Automations wp-marketing-automations allows SQL Injection. This issue affects FunnelKit Automations: from n/a through <= 3.1.2...
WordPress Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin <= 3.1.2 - SQL Injection vulnerability
SQL Injection vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin FunnelKit Automations versions <= 3.1.2...
CVE-2024-1056
The FunnelKit Funnel Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'allow_iframe_tag_in_post' function which uses the 'wp_kses_allowed_html' filter to globally allow script and iframe tags in posts in all versions up to, and including, 3.4.5. This makes it possibl...
CVE-2024-1056 Funnel Kit Funnel Builder PRO <= 3.4.5 Authenticated (Contributor+) Stored Cross-Site Scripting via allow_iframe_tag_in_post
The FunnelKit Funnel Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'allow_iframe_tag_in_post' function which uses the 'wp_kses_allowed_html' filter to globally allow script and iframe tags in posts in all versions up to, and including, 3.4.5. This makes it possibl...
PT-2024-16368 · WordPress · Funnelkit Funnel Builder
Name of the Vulnerable Software and Affected Versions: FunnelKit Funnel Builder Pro plugin for WordPress versions up to, and including, 3.4.5 Description: The issue is related to Stored Cross-Site Scripting, where the allow_iframe_tag_in_post function uses the wp_kses_allowed_html filter to...
CVE-2024-6836
The Funnel Builder for WordPress by FunnelKit
WordPress Funnel Builder for WordPress by FunnelKit plugin <= 3.4.6 - Missing Authorization to Authenticated (Contributor+) Settings Update vulnerability
Missing Authorization to Authenticated (Contributor+) Settings Update vulnerability discovered by Lucio Sá in WordPress Plugin Funnel Builder by FunnelKit versions <= 3.4.6...
PT-2024-37895 · Funnelkit · The Funnel Builder For Wordpress
Name of the Vulnerable Software and Affected Versions: The Funnel Builder for WordPress by FunnelKit versions up to, and including, 3.4.6 Description: The issue allows authenticated attackers with Contributor-level access and above to update multiple settings due to a missing capability check on...
WordPress plugin Funnel Builder for WordPress by FunnelKit security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability...