4 matches found
CVE-2024-1056
CVE-2024-1056 affects FunnelKit Funnel Builder Pro for WordPress. It enables Stored XSS via the allow_iframe_tag_in_post function, which uses wp_kses_allowed_html to globally permit script and iframe tags in posts, impacting all versions up to 3.4.5. The vulnerability requires authentication with...
CVE-2024-5192
CVE-2024-5192 affects Funnel Builder for WordPress by FunnelKit (WooCommerce) up to version 3.3.1. Root cause: insufficient input sanitization and output escaping in the mimes parameter enables Stored Cross-Site Scripting. Impact: authenticated attackers with Author+ privileges can inject scripts...
CVE-2024-6836
The Funnel Builder for WordPress by FunnelKit
CVE-2025-2203
The CVE concerns the FunnelKit WordPress plugin, affected versions prior to 3.10.2. The root cause is that a parameter is not sanitized/escaped before being used in an SQL statement, enabling SQL injection by admins. Documented impact is server-side data exposure/manipulation via unauthenticated ...