Vulnerabilities > CVE-2024-6836

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

NVD

Published: 2024-07-24

Updated: 2024-07-24

Summary

The Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple functions in all versions up to, and including, 3.4.6. This makes it possible for authenticated attackers, with Contributor-level access and above, to update multiple settings, including templates, designs, checkouts, and other plugin settings.

References

https://www.wordfence.com/threat-intel/vulnerabilities/id/d9022afe-0c79-413b-ac0a-a1d32ec09619?source=cve
https://plugins.trac.wordpress.org/browser/funnel-builder/trunk/modules/checkouts/includes/class-wfacp-ajax-controller.php
https://plugins.trac.wordpress.org/changeset/3123202/

Vulnerabilities > CVE-2024-6836 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2024-6836"}]}

Summary

References

Vulnerabilities > CVE-2024-6836