Funnelkit Automations Security Vulnerabilities and Issues — Funnelkit Automations CVE List

Lucene search

FunnelkitFunnelkit Automations

5 matches found

cve•added 2024/11/14 6:15 a.m.•50 views

CVE-2024-9186

The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit WordPress plugin before 3.3.0 does not sanitize and escape the bwfan-track-id parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks

8.6CVSS8.9AI score0.23943EPSS

cve•added 2022/08/22 3:15 p.m.•48 views

CVE-2022-2389

The Abandoned Cart Recovery for WooCommerce, Follow Up Emails, Newsletter Builder & Marketing Automation By Autonami WordPress plugin before 2.1.2 does not have authorisation and CSRF checks in one of its AJAX action, allowing any authenticated users, such as subscriber to create automations

4.3CVSS4.5AI score0.00101EPSS

cve•added 2024/10/21 11:15 a.m.•34 views

CVE-2024-47328

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Automation By Autonami allows SQL Injection.This issue affects Automation By Autonami: from n/a through 3.1.2.

7.6CVSS7.7AI score0.00312EPSS

cve•added 2023/12/28 11:15 a.m.•30 views

CVE-2023-50857

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit.This issue affects Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, ...

7.6CVSS7.7AI score0.00139EPSS

cve•added 2025/06/18 8:15 a.m.•9 views

CVE-2025-1562

The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the install_or_activate_addon_plugins() function and a weak nonce hash in al...

9.8CVSS9.4AI score0.00138EPSS