Lucene search
+L

26 matches found

patchstack
patchstack
added 2024/03/13 12:0 a.m.14 views

WordPress WPFunnels Plugin <= 3.0.6 is vulnerable to Cross Site Scripting (XSS)

Software WPFunnels Type Plugin Vulnerable versions = 3.0.6 Fixed in 3.0.7 OWASP Top 10 A6: Vulnerable and Outdated Components Classification Cross Site Scripting XSS CVE CVE-2024-27965 Patch priority Low CVSS severity Low 5.9 Developer WPFunnels Team PSID 7e9814e2c820 Credits Team WeBoB Required...

5.9CVSS6.3AI score0.00339EPSS
Exploits0References2Affected Software1
osv
osv
added 2023/07/27 3:15 p.m.4 views

CVE-2023-37977

Unauth. Reflected Cross-Site Scripting XSS vulnerability in WPFunnels Team Drag & Drop Sales Funnel Builder for WordPress – WPFunnels plugin = 2.7.16 versions...

6.1CVSS7.3AI score0.00331EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2023/07/27 12:0 a.m.9 views

PT-2023-26224 · WordPress · Wpfunnels

Name of the Vulnerable Software and Affected Versions: WPFunnels Team Drag & Drop Sales Funnel Builder for WordPress – WPFunnels plugin versions = 2.7.16 Description: The issue is related to an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This type of vulnerability allows an attacker...

7.1CVSS6.2AI score0.00331EPSS
Exploits0References4
patchstack
patchstack
added 2023/07/11 12:0 a.m.7 views

WordPress WPFunnels Plugin <= 2.7.15 is vulnerable to Insecure Direct Object References (IDOR)

Software WPFunnels Type Plugin Vulnerable versions = 2.7.15 Fixed in 2.7.16 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE N/A Patch priority Low CVSS severity Low 5.4 Developer WPFunnels Team PSID fefed9db57ed Credits Unknown Required privilege...

6.8AI score
Exploits0References2Affected Software1
vulnrichment
vulnrichment
added 2023/02/06 7:59 p.m.7 views

CVE-2023-0173 WPFunnels < 2.6.9 - Contributor+ Stored XSS

The Drag & Drop Sales Funnel Builder for WordPress plugin before 2.6.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...

6.1AI score0.00573EPSS
Exploits1References1
patchstack
patchstack
added 2023/01/11 12:0 a.m.12 views

WordPress WPFunnels Plugin < 2.6.9 is vulnerable to Cross Site Scripting (XSS)

Software WPFunnels Type Plugin Vulnerable versions 2.6.9 Fixed in 2.6.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0173 Patch priority Medium CVSS severity Medium 6.5 Developer WPFunnels Team PSID 8cceeb86a6f0 Credits István Márton Required...

5.4CVSS5.7AI score0.00573EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder