CVE-2023-36686
- EPSS 0.08%
- Veröffentlicht 05.08.2023 23:15:12
- Zuletzt bearbeitet 21.11.2024 08:10:21
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CartFlows Pro plugin <= 1.11.11 versions.
CVE-2020-36736
- EPSS 0.1%
- Veröffentlicht 01.07.2023 04:15:09
- Zuletzt bearbeitet 21.11.2024 05:30:11
The WooCommerce Checkout & Funnel Builder by CartFlows plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.15. This is due to missing or incorrect nonce validation on the export_json, import_json, an...
CVE-2019-25151
- EPSS 0.04%
- Veröffentlicht 07.06.2023 02:15:10
- Zuletzt bearbeitet 21.11.2024 04:39:59
The Funnel Builder plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the activate_plugin function in versions up to, and including, 1.3.0. This makes it possible for authenticated attackers to activate an...
CVE-2021-24330
- EPSS 0.19%
- Veröffentlicht 01.06.2021 14:15:09
- Zuletzt bearbeitet 21.11.2024 05:52:51
The Funnel Builder by CartFlows – Create High Converting Sales Funnels For WordPress plugin before 1.6.13 did not sanitise its facebook_pixel_id and google_analytics_id settings, allowing high privilege users to set XSS payload in them, which will ei...