FunnelKit — Vulnerabilities & Security Advisories

Browse all 8 CVE security advisories affecting FunnelKit. AI-powered Chinese analysis, POCs, and references for each vulnerability.

FunnelKit is a WordPress plugin designed for sales funnel and checkout optimization. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting (XSS), privilege escalation, and authentication bypass flaws. The plugin's eight recorded CVEs highlight consistent security issues, particularly in its file handling and access control mechanisms. While no major public incidents have been widely documented, the pattern of vulnerabilities suggests potential for significant compromise if exploited. Regular updates and careful implementation are advised due to the plugin's history of security weaknesses that could allow attackers to execute unauthorized commands or gain elevated access to affected WordPress installations.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-1056 | Funnel Kit Funnel Builder PRO <= 3.4.5 Authenticated (Contributor+) Stored Cross-Site Scripting via allow_iframe_tag_in_post — FunnelKit Funnel Builder Pro (CWE-79) | 6.4 | Medium | 2024-08-29 |
| CVE-2024-38684 | WordPress SlingBlocks plugin <= 1.4.1 - Cross Site Scripting (XSS) vulnerability — SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels) (CWE-79) | 6.5 | Medium | 2024-07-20 |
| CVE-2023-51670 | WordPress FunnelKit Checkout plugin <= 3.10.3 - Authenticated Arbitrary Plugin Activation vulnerability — FunnelKit Checkout (CWE-862) | 4.3 | Medium | 2024-06-12 |
| CVE-2023-51671 | WordPress FunnelKit Checkout plugin <= 3.10.3 - Authenticated Plugin Settings Change vulnerability — FunnelKit Checkout (CWE-862) | 5.4 | Medium | 2024-06-12 |
| CVE-2023-51672 | WordPress FunnelKit Checkout plugin <= 3.10.3 - Unauthenticated Arbitrary Post/Page Deletion vulnerability — FunnelKit Checkout (CWE-862) | 7.5 | High | 2024-03-21 |
| CVE-2024-2580 | WordPress Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin <= 2.8.2 - Cross Site Scripting (XSS) vulnerability — Automation By Autonami (CWE-79) | 6.5 | Medium | 2024-03-21 |
| CVE-2023-50856 | WordPress Funnel Builder for WordPress by FunnelKit Plugin <= 2.14.3 is vulnerable to SQL Injection — Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels & Maximize Profits (CWE-89) | 7.6 | High | 2023-12-28 |
| CVE-2023-50857 | WordPress Automation By Autonami Plugin <= 2.6.1 is vulnerable to SQL Injection — Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit (CWE-89) | 7.6 | High | 2023-12-28 |

This page lists every published CVE security advisory associated with FunnelKit. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.