
56 matches found

NVD
added 2026/05/19 3:16 p.m. | 9 views

CVE-2026-47100

Funnel Builder for WooCommerce Checkout prior to 3.15.0.3 contains a missing authorization vulnerability in the public checkout endpoint that allows unauthenticated attackers to invoke internal methods and write arbitrary data to the plugin's External Scripts global setting. Attackers can inject...

CVSS 8.7 | EPSS 0.00048
Exploits: 1 | References: 3
Vulnrichment
added 2026/05/19 2:0 p.m. | 5 views

CVE-2026-47100 Funnel Builder for WooCommerce Checkout < 3.15.0.3 Missing Authorization via AJAX

Funnel Builder for WooCommerce Checkout prior to 3.15.0.3 contains a missing authorization vulnerability in the public checkout endpoint that allows unauthenticated attackers to invoke internal methods and write arbitrary data to the plugin's External Scripts global setting. Attackers can inject...

CVSS 8.7 | AI score 5.9 | EPSS 0.00048
Exploits: 1 | References: 3
Cvelist
added 2026/05/19 2:0 p.m. | 29 views

CVE-2026-47100 Funnel Builder for WooCommerce Checkout < 3.15.0.3 Missing Authorization via AJAX

Funnel Builder for WooCommerce Checkout prior to 3.15.0.3 contains a missing authorization vulnerability in the public checkout endpoint that allows unauthenticated attackers to invoke internal methods and write arbitrary data to the plugin's External Scripts global setting. Attackers can inject...

CVSS 8.7 | EPSS 0.00048
Exploits: 1 | References: 3
CVE
added 2026/05/19 2:0 p.m. | 10 views

CVE-2026-47100

CVE-2026-47100 affects Funnel Builder for WooCommerce Checkout (FunnelKit) prior to version 3.15.0.3. The vulnerability is a missing authorization flaw in the public checkout AJAX flow (update_order_review) that allows an unauthenticated attacker to invoke internal methods and write to the plugin...

CVSS 8.7 | AI score 5.9 | EPSS 0.00048
In wild | Exploits: 1 | References: 3
Positive Technologies
added 2026/05/15 12:0 a.m. | 9 views

PT-2026-41419

Name of the Vulnerable Software and Affected Versions: Funnel Builder, affected versions not specified. Description: An SQL injection flaw in the Funnel Builder plugin allows attackers to inject payment skimmers into WooCommerce checkout pages. This issue enables script propagation across all checkou...

AI score 5.9
Exploits: 0 | References: 2
VulnCheck KEV
added 2026/05/14 12:0 a.m. | 18 views

VulnCheck KEV: CVE-2026-47100

Funnel Builder for WooCommerce Checkout prior to 3.15.0.3 contains a missing authorization vulnerability in the public checkout endpoint that allows unauthenticated attackers to invoke internal methods and write arbitrary data to the plugin's External Scripts global setting. Attackers can inject...

CVSS 8.7 | AI score 5.9 | EPSS 0.00048
In wild | Exploits: 1 | References: 3
Patchstack
added 2026/02/19 10:27 a.m. | 2 views

WordPress Checkout Field Manager (Checkout Manager) for WooCommerce plugin <= 7.8.5 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary Attachment Deletion vulnerability discovered by NosleeP++ in WordPress Plugin WooCommerce Checkout Manager versions <= 7.8.5...

CVSS 5.3 | AI score 5.5 | EPSS 0.00089
Exploits: 0 | References: 1 | Affected Software: 1
RedhatCVE
added 2026/01/09 10:11 a.m. | 8 views

CVE-2019-11807

The WooCommerce Checkout Manager plugin before 4.3 for WordPress allows media deletion via the wp-admin/admin-ajax.php?action=updateattachmentwccm wccmdefaultkeysload parameter because of a nopriv registration and a lack of capabilities checks...

CVSS 7.5 | AI score 6.9 | EPSS 0.00404
Exploits: 1 | References: 1
EUVD
added 2025/12/12 9:30 a.m. | 2 views

EUVD-2025-203049

The FunnelKit - Funnel Builder for WooCommerce Checkout plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'opid' parameter in all versions up to, and including, 3.13.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on th...

CVSS 7.5 | AI score 6.3 | EPSS 0.00113
Exploits: 0 | References: 5
Patchstack
added 2025/12/12 7:44 a.m. | 6 views

WordPress FunnelKit – Funnel Builder for WooCommerce Checkout plugin <= 3.13.1.5 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by Marcin Dudek dudekmar - CERT.PL in WordPress Plugin Funnel Builder by FunnelKit versions <= 3.13.1.5...

CVSS 7.5 | AI score 7.8 | EPSS 0.00113
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2025/12/12 7:20 a.m. | 27 views

CVE-2025-14169 FunnelKit – Funnel Builder for WooCommerce Checkout <= 3.13.1.5 - Unauthenticated SQL Injection

The FunnelKit - Funnel Builder for WooCommerce Checkout plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'opid' parameter in all versions up to, and including, 3.13.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on th...

CVSS 7.5 | EPSS 0.00113
Exploits: 0 | References: 4
CVE
added 2025/12/12 7:20 a.m. | 14 views

CVE-2025-14169

CVE-2025-14169 affects FunnelKit – Funnel Builder for WooCommerce Checkout (WordPress). Time-based blind SQL Injection via the opid parameter exists in all versions up to 3.13.1.5 due to insufficient escaping and poor SQL query preparation. Unauthenticated attackers could append additional SQL to...

CVSS 7.5 | AI score 6.4 | EPSS 0.00113
Exploits: 0 | References: 4
Vulnrichment
added 2025/12/12 7:20 a.m. | 2 views

CVE-2025-14169 FunnelKit – Funnel Builder for WooCommerce Checkout <= 3.13.1.5 - Unauthenticated SQL Injection

The FunnelKit - Funnel Builder for WooCommerce Checkout plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'opid' parameter in all versions up to, and including, 3.13.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on th...

CVSS 7.5 | AI score 6.4 | EPSS 0.00113
Exploits: 0 | References: 4
Cvelist
added 2025/11/19 5:45 a.m. | 9 views

CVE-2025-12878 FunnelKit – Funnel Builder for WooCommerce Checkout <= 3.13.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via wfop_phone Shortcode

The FunnelKit – Funnel Builder for WooCommerce Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wfop_phone shortcode in all versions up to, and including, 3.13.1.2. This is due to insufficient input sanitization and output escaping on the user-supplied default...

CVSS 6.4 | EPSS 0.00046
Exploits: 0 | References: 7
CVE
added 2025/11/19 5:45 a.m. | 13 views

CVE-2025-12878

The FunnelKit – Funnel Builder for WooCommerce Checkout WordPress plugin is affected by a stored XSS via the wfop_phone shortcode, in all versions up to and including 3.13.1.2. Exploitation requires authenticated access at Contributor+ level, due to insufficient input sanitization and output esca...

CVSS 6.4 | AI score 4.7 | EPSS 0.00046
Exploits: 0 | References: 7
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2019-3474

Malware in sbrugna...

CVSS 7.5 | AI score 7.6 | EPSS 0.00404
Exploits: 1 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-13780

Malicious code in bioql PyPI...

CVSS 5.9 | AI score 6.9 | EPSS 0.0017
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2023-51779

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 8.5 | EPSS 0.03203
Exploits: 0 | References: 1
RedhatCVE
added 2025/09/07 2:33 p.m. | 1 view

CVE-2025-58799

Cross-Site Request Forgery (CSRF) vulnerability in themelocation Custom WooCommerce Checkout Fields Editor add-fields-to-checkout-page-woocommerce allows Cross Site Request Forgery. This issue affects Custom WooCommerce Checkout Fields Editor: from n/a through <= 1.3.4...

CVSS 4.3 | AI score 5.9 | EPSS 0.00026
Exploits: 0 | References: 1
RedhatCVE
added 2025/09/07 2:32 p.m. | 1 view

CVE-2025-58804

Cross-Site Request Forgery (CSRF) vulnerability in brijrajs WooCommerce Single Page Checkout woo-single-page-checkout allows Cross Site Request Forgery. This issue affects WooCommerce Single Page Checkout: from n/a through <= 1.2.7...

CVSS 4.3 | AI score 5.9 | EPSS 0.00026
Exploits: 0 | References: 1