25 matches found
CVE-2023-37977
Unauth. Reflected Cross-Site Scripting XSS vulnerability in WPFunnels Team Drag & Drop Sales Funnel Builder for WordPress – WPFunnels plugin = 2.7.16 versions...
PT-2023-26224 · WordPress · Wpfunnels
Name of the Vulnerable Software and Affected Versions: WPFunnels Team Drag & Drop Sales Funnel Builder for WordPress – WPFunnels plugin versions = 2.7.16 Description: The issue is related to an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This type of vulnerability allows an attacker...
WordPress WPFunnels Plugin <= 2.7.15 is vulnerable to Insecure Direct Object References (IDOR)
Software WPFunnels Type Plugin Vulnerable versions = 2.7.15 Fixed in 2.7.16 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE N/A Patch priority Low CVSS severity Low 5.4 Developer WPFunnels Team PSID fefed9db57ed Credits Unknown Required privilege...
CVE-2023-0173 WPFunnels < 2.6.9 - Contributor+ Stored XSS
The Drag & Drop Sales Funnel Builder for WordPress plugin before 2.6.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...
WordPress WPFunnels Plugin < 2.6.9 is vulnerable to Cross Site Scripting (XSS)
Software WPFunnels Type Plugin Vulnerable versions 2.6.9 Fixed in 2.6.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0173 Patch priority Medium CVSS severity Medium 6.5 Developer WPFunnels Team PSID 8cceeb86a6f0 Credits István Márton Required...