14 matches found
CVE-2026-39477
CVE-2026-39477 refers to a missing authorization vulnerability in the WordPress plugin CartFlows (Brainstorm Force), affecting CartFlows versions up to 2.2.3. The root cause is an incorrectly configured access-control mechanism that allows exploitation of access levels. CVSS 3.1 base metrics indi...
CVE-2026-39477 WordPress CartFlows plugin <= 2.2.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Brainstorm Force CartFlows cartflows allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CartFlows: from n/a through <= 2.2.3...
CVE-2026-39477 WordPress CartFlows plugin <= 2.2.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Brainstorm Force CartFlows cartflows allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CartFlows: from n/a through <= 2.2.3...
CVE-2026-25316 WordPress CartFlows plugin <= 2.1.19 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Brainstorm Force CartFlows cartflows allows Object Injection. This issue affects CartFlows: from n/a through <= 2.1.19...
CVE-2026-25316
CVE-2026-25316 affects the WordPress CartFlows plugin (CartFlows)
CVE-2024-4632
The WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘customuploadmimes’ function in versions up to, and including, 2.0.7 due to insufficient input sanitization and output...
WordPress Funnel Builder by CartFlows plugin <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by wesley wcraft in WordPress Plugin CartFlows versions <= 2.0.7...
WordPress Funnel Builder by CartFlows Plugin <= 2.0.7 is vulnerable to Cross Site Scripting (XSS)
Software: Funnel Builder by CartFlows; Type: Plugin; Vulnerable versions: <= 2.0.7; Fixed in: 2.0.8; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4632; Patch priority: Low; CVSS severity: Low (6.5); PSID: eaec7f3b2d17; Credits: wesley wcraf...
WordPress plugin WooCommerce Checkout & Funnel Builder by CartFlows Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in the...
WordPress Plugin cartflows Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
CVE-2020-36736
The WooCommerce Checkout & Funnel Builder by CartFlows plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.15. This is due to missing or incorrect nonce validation on the exportjson, importjson, and statuslogsfile functions. This makes it possibl...
CVE-2020-36736
The WooCommerce Checkout & Funnel Builder by CartFlows plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.15. This is due to missing or incorrect nonce validation on the exportjson, importjson, and statuslogsfile functions. This makes it possibl...
WordPress Plugin WooCommerce Checkout & Funnel Builder by CartFlows Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
PT-2023-11876 · Cartflows · Woocommerce Checkout & Funnel Builder By Cartflows
Name of the Vulnerable Software and Affected Versions: WooCommerce Checkout & Funnel Builder by CartFlows plugin for WordPress versions up to, and including, 1.5.15. Description: The issue is due to missing or incorrect nonce validation on the export json, import json, and status logs file...