CVE-2024-11938 One Click Upsell Funnel for WooCommerce <= 3.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via wps_wocuf_pro_yes Shortcode

The One Click Upsell Funnel for WooCommerce – Funnel Builder for WordPress, Create WooCommerce Upsell, Post-Purchase Upsell & Cross Sell Offers that Boost Sales & Increase Profits with Sales Funnel Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's...

CVE-2024-11938

CVE-2024-11938 affects the One Click Upsell Funnel for WooCommerce – Free Funnel Builder to create WooCommerce Upsell (WordPress plugin). The vulnerability is a Stored Cross-Site Scripting (XSS) via the wps_wocuf_pro_yes shortcode attributes, caused by insufficient input sanitization and output e...

PT-2024-17353 · WordPress · One Click Upsell Funnel For Woocommerce

Name of the Vulnerable Software and Affected Versions: The One Click Upsell Funnel for WooCommerce – Funnel Builder for WordPress versions up to, and including, 3.4.9 Description: The issue is related to Stored Cross-Site Scripting via the plugin's wps wocuf pro yes shortcode due to insufficient...

WordPress plugin One Click Upsell Funnel for WooCommerce 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...