Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit 2.7.0

  • Severity: medium-risk
  • Status: Fixed
  • Publication: December 21, 2023

The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin for WordPress has a security vulnerability that could allow attackers to access sensitive information from the database. This vulnerability affects all versions of the plugin up to version 2.7.0. To exploit this vulnerability, the attackers need to have administrator access or above. They can then add additional SQL queries to the existing ones, which can be used to extract the sensitive information.

Detected in:

FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce fixed vulnerable versions:
Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.