CVE-2024-5192
CVE-2024-5192 affects Funnel Builder for WordPress by FunnelKit (WooCommerce) up to version 3.3.1. Root cause: insufficient input sanitization and output escaping in the mimes parameter enables Stored Cross-Site Scripting. Impact: authenticated attackers with Author+ privileges can inject scripts...