Funnelkit

Funnel Builder

9 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2025-66067

  • EPSS 0.04%
  • Veröffentlicht 21.11.2025 12:29:55
  • Zuletzt bearbeitet 20.01.2026 15:19:01

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FunnelKit Funnel Builder by FunnelKit funnel-builder allows DOM-Based XSS.This issue affects Funnel Builder by FunnelKit: from n/a through <= 3.13.1...

7.5

CVE-2025-54750

  • EPSS 0.1%
  • Veröffentlicht 20.08.2025 08:02:50
  • Zuletzt bearbeitet 20.08.2025 14:39:07

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in FunnelKit Funnel Builder by FunnelKit allows PHP Local File Inclusion. This issue affects Funnel Builder by FunnelKit: from n/a t...

7.6

CVE-2025-49034

  • EPSS 0.03%
  • Veröffentlicht 16.07.2025 11:27:59
  • Zuletzt bearbeitet 16.07.2025 14:58:59

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Funnel Builder by FunnelKit allows SQL Injection. This issue affects Funnel Builder by FunnelKit: from n/a through 3.10.2.

6.1

CVE-2025-2203

Exploit
  • EPSS 0.05%
  • Veröffentlicht 15.05.2025 20:16:05
  • Zuletzt bearbeitet 12.06.2025 16:39:08

The FunnelKit WordPress plugin before 3.10.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks

7.5

CVE-2025-26979

  • EPSS 0.24%
  • Veröffentlicht 25.02.2025 15:15:30
  • Zuletzt bearbeitet 25.02.2025 15:15:30

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in FunnelKit Funnel Builder by FunnelKit allows PHP Local File Inclusion. This issue affects Funnel Builder by FunnelKit: from n/a t...

5.4

CVE-2024-1056

  • EPSS 0.34%
  • Veröffentlicht 29.08.2024 14:15:08
  • Zuletzt bearbeitet 19.09.2024 22:06:32

The FunnelKit Funnel Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'allow_iframe_tag_in_post' function which uses the 'wp_kses_allowed_html' filter to globally allow script and iframe tags in posts in all versi...

4.3

CVE-2024-6836

  • EPSS 0.27%
  • Veröffentlicht 24.07.2024 06:15:02
  • Zuletzt bearbeitet 21.11.2024 09:50:23

The Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on m...

5.4

CVE-2024-5192

  • EPSS 0.23%
  • Veröffentlicht 29.06.2024 05:15:02
  • Zuletzt bearbeitet 21.11.2024 09:47:09

The Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mimes’ parameter in all versions up...

7.2

CVE-2023-50856

  • EPSS 0.14%
  • Veröffentlicht 28.12.2023 11:15:09
  • Zuletzt bearbeitet 21.11.2024 08:37:25

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels & Maximize Profits.This issue affec...