Funnelkit

Funnel Builder

12 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 0.23%
  • Published 24.06.2026 07:23:45
  • Last modified 25.06.2026 13:26:11

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Funnel Builder by FunnelKit allows Blind SQL Injection. This issue affects Funnel Builder by FunnelKit: from n/a through 3.15.0.5.

  • EPSS 0.18%
  • Published 15.06.2026 20:19:07
  • Last modified 15.06.2026 21:24:32

Unauthenticated Cross Site Scripting (XSS) in Funnel Builder by FunnelKit <= 3.15.0.2 versions.

  • EPSS 0.28%
  • Published 15.06.2026 20:18:32
  • Last modified 15.06.2026 21:24:32

Unauthenticated SQL Injection in Funnel Builder by FunnelKit <= 3.15.0.1 versions.

  • EPSS 0.17%
  • Published 21.11.2025 12:29:55
  • Last modified 27.04.2026 18:16:32

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aman Funnel Builder by FunnelKit funnel-builder allows DOM-Based XSS. This issue affects Funnel Builder by FunnelKit: from n/a through <= 3.13.1.2.

  • EPSS 0.47%
  • Published 20.08.2025 08:02:50
  • Last modified 23.04.2026 15:32:55

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Aman Funnel Builder by FunnelKit funnel-builder allows PHP Local File Inclusion. This issue affects Funnel Builder by FunnelKit: f...

  • EPSS 0.29%
  • Published 16.07.2025 11:27:59
  • Last modified 23.04.2026 15:31:12

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aman Funnel Builder by FunnelKit funnel-builder allows SQL Injection. This issue affects Funnel Builder by FunnelKit: from n/a through <= 3.10.2.

Exploit
  • EPSS 0.22%
  • Published 15.05.2025 20:16:05
  • Last modified 12.06.2025 16:39:08

The FunnelKit WordPress plugin before 3.10.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks.

  • EPSS 0.74%
  • Published 25.02.2025 15:15:30
  • Last modified 23.04.2026 15:26:10

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Aman Funnel Builder by FunnelKit funnel-builder allows PHP Local File Inclusion. This issue affects Funnel Builder by FunnelKit: f...

  • EPSS 0.25%
  • Published 29.08.2024 14:15:08
  • Last modified 19.09.2024 22:06:32

The FunnelKit Funnel Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'allow_iframe_tag_in_post' function which uses the 'wp_kses_allowed_html' filter to globally allow script and iframe tags in posts in all versi...

  • EPSS 0.33%
  • Published 24.07.2024 06:15:02
  • Last modified 21.11.2024 09:50:23

The Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on m...