
6 matches found

RedhatCVE
added 2025/05/23 8:29 a.m., 3 views

CVE-2024-5192

The Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mimes’ parameter in all versions up to, and including, 3.3.1 due to insufficient...

CVSS: 6.4 | AI score: 5 | EPSS: 0.00233
Exploits: 0 | References: 1
OSV
added 2024/11/13 6:43 p.m., 7 views

GHSA-8237-957H-H2C2 FileManager Deserialization of Untrusted Data vulnerability

Impact: Deserialization of untrusted data from the mimes parameter could lead to remote code execution. Patches: Fixed in 3.0.9. Workarounds: Not needed, a composer update will solve it in a non-breaking way. References: Reported responsibly Vladislav Gladkiy at Positive Technologies...

CVSS: 8.5 | AI score: 8.7 | EPSS: 0.04958
Exploits: 0 | References: 4
Snyk
added 2024/11/13 6:43 p.m., 1 views

Deserialization of Untrusted Data

Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the mimes parameter. Details: Serialization is a process of converting an object into a sequence of bytes which can be persisted to a disk or database or can be sent through streams. The reverse...

CVSS: 9.8 | AI score: 7 | EPSS: 0.04958
Exploits: 0 | References: 2
CVE
added 2024/11/13 3:15 p.m., 38 views

CVE-2024-52306

CVE-2024-52306 affects the Backpack FileManager component used in Laravel Backpack, where deserialization of untrusted data from the mimes parameter can lead to remote code execution. The issue is caused by insecure deserialization prior to version 3.0.9. A fix is available in 3.0.9 and later. Im...

CVSS: 9.8 | AI score: 7.9 | EPSS: 0.04958
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2024/06/29 5:15 a.m., 1 views

CVE-2024-5192

The Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mimes’ parameter in all versions up to, and including, 3.3.1 due to insufficient...

CVSS: 5.4 | AI score: 5.9
Exploits: 0 | References: 4
Positive Technologies
added 2024/06/29 12:0 a.m., 2 views

PT-2024-35051 · Funnelkit · The Funnel Builder For Wordpress By Funnelkit

Name of the Vulnerable Software and Affected Versions: The Funnel Builder for WordPress by FunnelKit plugin for WordPress versions up to, and including, 3.3.1 Description: The issue is related to Stored Cross-Site Scripting via the mimes parameter due to insufficient input sanitization and output...

CVSS: 6.4 | AI score: 6.2 | EPSS: 0.00233
Exploits: 0 | References: 8