Log out
Get PRO

Latest

Access violation vulnerability in WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce 1.11.12

  • Severity: low-risk
  • Status: Fixed
  • Publication: June 2, 2023

The CartFlows plugin for WordPress, used for creating sales funnels, has a vulnerability in versions up to and including 1.11.11. This vulnerability would allow an authenticated user with access to cart flow management, such as an administrator or other user types, to modify or delete any post without verifying the post id. This means that attackers with the right access can potentially delete important data.

Detected in:

CartFlows – Checkout & Funnel Builder for WooCommerce fixed vulnerable versions:
WooCommerce Checkout & Funnel Builder by CartFlows fixed vulnerable versions:
WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce fixed vulnerable versions: >= * < 1.11.12

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.