Vulnerabilities > Funnelkit > Funnel Builder > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-08-29 CVE-2024-1056 Cross-site Scripting vulnerability in Funnelkit Funnel Builder
The FunnelKit Funnel Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'allow_iframe_tag_in_post' function which uses the 'wp_kses_allowed_html' filter to globally allow script and iframe tags in posts in all versions up to, and including, 3.4.5.
network
low complexity
funnelkit CWE-79
5.4
5.4
2024-06-29 CVE-2024-5192 Cross-site Scripting vulnerability in Funnelkit Funnel Builder
The Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mimes’ parameter in all versions up to, and including, 3.3.1 due to insufficient input sanitization and output escaping.
network
low complexity
funnelkit CWE-79
5.4
5.4