5 matches found
CVE-2023-50856
CVE-2023-50856 affects Funnel Builder for WordPress by FunnelKit (funnel-builder) up to version 2.14.3. It is an SQL Injection (improper neutralization of SQL elements) vulnerability that can be exploited remotely over the network with no user interaction, requiring high privileges, and can impac...
CVE-2024-1056
CVE-2024-1056 affects FunnelKit Funnel Builder Pro for WordPress. It enables Stored XSS via the allow_iframe_tag_in_post function, which uses wp_kses_allowed_html to globally permit script and iframe tags in posts, impacting all versions up to 3.4.5. The vulnerability requires authentication with...
CVE-2024-5192
CVE-2024-5192 affects Funnel Builder for WordPress by FunnelKit (WooCommerce) up to version 3.3.1. Root cause: insufficient input sanitization and output escaping in the mimes parameter enables Stored Cross-Site Scripting. Impact: authenticated attackers with Author+ privileges can inject scripts...
CVE-2024-6836
The Funnel Builder for WordPress by FunnelKit
CVE-2025-2203
The CVE concerns the FunnelKit WordPress plugin, affected versions prior to 3.10.2. The root cause is that a parameter is not sanitized/escaped before being used in an SQL statement, enabling SQL injection by admins. Documented impact is server-side data exposure/manipulation via unauthenticated ...