amans2k — Vulnerabilities & Security Advisories 12

Browse all 12 CVE security advisories affecting amans2k. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Amans2k is a security researcher primarily focused on identifying vulnerabilities in web applications and enterprise software, with 12 CVEs recorded to date. Common vulnerability classes discovered include remote code execution, cross-site scripting, and privilege escalation flaws. The researcher has demonstrated particular expertise in identifying authentication bypasses and insecure direct object references in widely-used platforms. While no major public security incidents are directly attributed to this researcher, their contributions to vulnerability disclosure have helped address critical flaws in multiple systems. Amans2k's work typically follows responsible disclosure practices, coordinating with vendors to remediate issues before public release.

| CVE ID | Title | Affected product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-14169 | FunnelKit – Funnel Builder for WooCommerce Checkout <= 3.13.1.5 - Unauthenticated SQL Injection | FunnelKit – Funnel Builder for WooCommerce Checkout | CWE-89 | 7.5 | High | 2025-12-12 |
| CVE-2025-12878 | FunnelKit – Funnel Builder for WooCommerce Checkout <= 3.13.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via wfop_phone Shortcode | FunnelKit – Funnel Builder for WooCommerce Checkout | CWE-79 | 6.4 | Medium | 2025-11-19 |
| CVE-2025-12469 | FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce <= 3.6.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending | FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce | CWE-862 | 4.3 | Medium | 2025-11-05 |
| CVE-2025-12468 | FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce <= 3.6.4.1 - Unauthenticated Sensitive Information Exposure | FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce | CWE-200 | 5.3 | Medium | 2025-11-05 |
| CVE-2025-8607 | SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels) <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels) | CWE-79 | 6.4 | Medium | 2025-08-21 |
| CVE-2025-7654 | Multiple Plugins By FunnelKit <= (Various Versions) - Authenticated (Contributor+) Sensitive Information Exposure to Privilege Escalation via Woofunnel Library | FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce | CWE-200 | 8.8 | High | 2025-08-19 |
| CVE-2025-6730 | Bonanza – WooCommerce Free Gifts Lite <= 1.0.0 - Missing Authorization to Authenticated (Subscriber+) Opt In Success | Bonanza – WooCommerce Free Gifts Lite | CWE-862 | 4.3 | Medium | 2025-07-29 |
| CVE-2025-1562 | Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit <= 3.5.3 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation | FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce | CWE-862 | 9.8 | Critical | 2025-06-18 |
| CVE-2025-2186 | Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit <= 3.5.1 - Unauthenticated SQL Injection via 'automationId' | FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce | CWE-89 | 7.5 | High | 2025-03-22 |
| CVE-2024-13675 | SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels) <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels) | CWE-79 | 6.4 | Medium | 2025-03-08 |
| CVE-2024-6836 | Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells <= 3.4.6 - Missing Authorization to Authenticated (Contributor+) Settings Update | FunnelKit – Funnel Builder for WooCommerce Checkout | CWE-862 | 4.3 | Medium | 2024-07-24 |
| CVE-2024-5192 | Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells <= 3.3.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload | FunnelKit – Funnel Builder for WooCommerce Checkout | CWE-79 | 6.4 | Medium | 2024-06-29 |

This page lists every published CVE security advisory associated with amans2k. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.