Lucene search
K
FunnelkitFunnelkit Automations

7 matches found

CVE
CVE
added 2024/11/14 6:0 a.m.93 views

CVE-2024-9186

The CVE-2024-9186 entry concerns the WordPress plugin “Automation By Autonami” (FunnelKit Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation) fixed in version 3.3.0. The issue arises because the bwfan-track-id parameter is not sanitized/escaped before being us...

8.6CVSS8.9AI score0.02241EPSS
CVE
CVE
added 2025/06/18 7:22 a.m.64 views

CVE-2025-1562

CVE-2025-1562 (FunnelKit Automations for WordPress,

9.8CVSS9.4AI score0.02904EPSS
CVE
CVE
added 2022/08/22 3:2 p.m.63 views

CVE-2022-2389

The CVE-2022-2389 entry concerns the WordPress plugin Autonami (Automations By Autonami) for WooCommerce. Prior to version 2.1.2, one AJAX action lacked proper authorization and CSRF checks, allowing any authenticated user (e.g., subscribers) to create automations. This is corroborated across mul...

4.3CVSS4.5AI score0.00308EPSS
Web
CVE
CVE
added 2023/12/28 10:57 a.m.51 views

CVE-2023-50857

Mode C: CVE-2023-50857 is an SQL Injection in FunnelKit Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation by FunnelKit. Affected: Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation by FunnelKit up to version 2.6.1 (inclusi...

7.6CVSS7.8AI score0.00534EPSS
CVE
CVE
added 2024/10/21 11:3 a.m.49 views

CVE-2024-47328

CVE-2024-47328 is an SQL Injection vulnerability in the WordPress plugin FunnelKit Automation By Autonami . It affects versions up to 3.1.2 and stems from improper neutralization of SQL commands. Exploitation requires Administrator privileges, with network attack potential and impact on confident...

7.6CVSS5.9AI score0.00484EPSS
CVE
CVE
added 2025/11/05 9:27 a.m.25 views

CVE-2025-12468

The FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce plugin (up to version 3.6.4.1) is exposed to unauthenticated sensitive information exposure via the /wc-coupons/ REST API endpoint. The endpoint is registered as a public API (public_api = true) and uses pe...

5.3CVSS5.6AI score0.00351EPSS
CVE
CVE
added 2025/11/05 9:27 a.m.10 views

CVE-2025-12469

CVE-2025-12469 affects FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce. A Missing Authorization flaw in the bwfan_test_email AJAX handler, with the nonce exposed via frontend localization, allows authenticated attackers with Subscriber+ rights to send arbitr...

4.3CVSS5.6AI score0.00235EPSS