Lucene search
K
FunnelkitFunnel Builder

5 matches found

CVE
CVE
added 2023/12/28 11:1 a.m.73 views

CVE-2023-50856

CVE-2023-50856 affects Funnel Builder for WordPress by FunnelKit (funnel-builder) up to version 2.14.3. It is an SQL Injection (improper neutralization of SQL elements) vulnerability that can be exploited remotely over the network with no user interaction, requiring high privileges, and can impac...

7.6CVSS7.8AI score0.00541EPSS
CVE
CVE
added 2024/08/29 1:52 p.m.57 views

CVE-2024-1056

CVE-2024-1056 affects FunnelKit Funnel Builder Pro for WordPress. It enables Stored XSS via the allow_iframe_tag_in_post function, which uses wp_kses_allowed_html to globally permit script and iframe tags in posts, impacting all versions up to 3.4.5. The vulnerability requires authentication with...

6.4CVSS5.6AI score0.00248EPSS
CVE
CVE
added 2024/06/29 4:33 a.m.56 views

CVE-2024-5192

CVE-2024-5192 affects Funnel Builder for WordPress by FunnelKit (WooCommerce) up to version 3.3.1. Root cause: insufficient input sanitization and output escaping in the mimes parameter enables Stored Cross-Site Scripting. Impact: authenticated attackers with Author+ privileges can inject scripts...

6.4CVSS5.5AI score0.00329EPSS
CVE
CVE
added 2024/07/24 5:31 a.m.50 views

CVE-2024-6836

The Funnel Builder for WordPress by FunnelKit

4.3CVSS4.3AI score0.00325EPSS
CVE
CVE
added 2025/05/15 8:7 p.m.39 views

CVE-2025-2203

The CVE concerns the FunnelKit WordPress plugin, affected versions prior to 3.10.2. The root cause is that a parameter is not sanitized/escaped before being used in an SQL statement, enabling SQL injection by admins. Documented impact is server-side data exposure/manipulation via unauthenticated ...

6.1CVSS7.6AI score0.00221EPSS