Funnelkit: >> Funnelkit Automations >> 2.8.1 Security Vulnerabilities
The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit WordPress plugin before 3.3.0 does not sanitize and escape the bwfan-track-id parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks
CVSS Score
8.6
EPSS Score
0.239
Published
2024-11-14
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Automation By Autonami allows SQL Injection.This issue affects Automation By Autonami: from n/a through 3.1.2.
CVSS Score
7.6
EPSS Score
0.002
Published
2024-10-21