7 matches found
CVE-2024-9186
The CVE-2024-9186 entry concerns the WordPress plugin “Automation By Autonami” (FunnelKit Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation) fixed in version 3.3.0. The issue arises because the bwfan-track-id parameter is not sanitized/escaped before being us...
CVE-2025-1562
CVE-2025-1562 (FunnelKit Automations for WordPress,
CVE-2022-2389
The CVE-2022-2389 entry concerns the WordPress plugin Autonami (Automations By Autonami) for WooCommerce. Prior to version 2.1.2, one AJAX action lacked proper authorization and CSRF checks, allowing any authenticated user (e.g., subscribers) to create automations. This is corroborated across mul...
CVE-2023-50857
Mode C: CVE-2023-50857 is an SQL Injection in FunnelKit Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation by FunnelKit. Affected: Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation by FunnelKit up to version 2.6.1 (inclusi...
CVE-2024-47328
CVE-2024-47328 is an SQL Injection vulnerability in the WordPress plugin FunnelKit Automation By Autonami . It affects versions up to 3.1.2 and stems from improper neutralization of SQL commands. Exploitation requires Administrator privileges, with network attack potential and impact on confident...
CVE-2025-12468
The FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce plugin (up to version 3.6.4.1) is exposed to unauthenticated sensitive information exposure via the /wc-coupons/ REST API endpoint. The endpoint is registered as a public API (public_api = true) and uses pe...
CVE-2025-12469
CVE-2025-12469 affects FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce. A Missing Authorization flaw in the bwfan_test_email AJAX handler, with the nonce exposed via frontend localization, allows authenticated attackers with Subscriber+ rights to send arbitr...