4 matches found
CVE-2024-9186
The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit WordPress plugin before 3.3.0 does not sanitize and escape the bwfan-track-id parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks...
CVE-2024-9186
creationtimestamp| type| source ---|---|--- 2024-11-14 06:12:16+00:00| seen| https://infosec.exchange/users/cve/statuses/113479826497723963 2024-11-14 08:17:20+00:00| seen| https://t.me/cvedetector/10907 2024-11-28 01:31:01+00:00| confirmed|...
CVE-2024-9186 Automation By Autonami < 3.3.0 - Unauthenticated SQLi
The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit WordPress plugin before 3.3.0 does not sanitize and escape the bwfan-track-id parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks...
WordPress Automation By Autonami Plugin < 3.3.0 is vulnerable to SQL Injection
Software Automation By Autonami Type Plugin Vulnerable versions 3.3.0 Fixed in 3.3.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-9186 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 0bc9c96e6168 Credits y4ng0615 Required privilege Unauthenticated...