6 matches found
WordPress Funnel Builder by FunnelKit plugin <= 3.15.0.1 - SQL Injection vulnerability
SQL Injection vulnerability discovered by daroo in WordPress Plugin Funnel Builder by FunnelKit versions = 3.15.0.1...
CVE-2025-66067 WordPress Funnel Builder by FunnelKit plugin <= 3.13.1.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aman Funnel Builder by FunnelKit funnel-builder allows DOM-Based XSS.This issue affects Funnel Builder by FunnelKit: from n/a through = 3.13.1.2...
CVE-2025-12878
The FunnelKit – Funnel Builder for WooCommerce Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wfopphone shortcode in all versions up to, and including, 3.13.1.2. This is due to insufficient input sanitization and output escaping on the user-supplied default...
CVE-2025-54750
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Aman Funnel Builder by FunnelKit funnel-builder allows PHP Local File Inclusion.This issue affects Funnel Builder by FunnelKit: from n/a through = 3.11.1...
WordPress Funnel Kit Funnel Builder PRO Plugin <= 3.4.5 is vulnerable to Cross Site Scripting (XSS)
Software Funnel Kit Funnel Builder PRO Type Plugin Vulnerable versions = 3.4.5 Fixed in 3.5.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1056 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8c1faa8fa285 Credits Francesco...
WordPress plugin Funnel Kit Funnel Builder PRO 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability...