Cartflows

Source repositories

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2024-4632	WordPress Cartflows	Med	0.42	6.4	Jun 19, 2024	The WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_upload_mimes’ function in versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2024-29813	WordPress Cartflows	Med	0.38	5.9	Mar 27, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CartFlows Inc. Funnel Builder by CartFlows allows Stored XSS.This issue affects Funnel Builder by CartFlows: from n/a through 2.0.1.
CVE-2026-39477	Brainstormforce Cartflows	Med	0.28	4.3	Apr 8, 2026	Missing Authorization vulnerability in Brainstorm Force CartFlows cartflows allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CartFlows: from n/a through <= 2.2.3.

CVE-2024-4632MedJun 19, 2024
WordPress
Cartflows
risk 0.42cvss 6.4epss 0.00
The WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_upload_mimes’ function in versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2024-29813MedMar 27, 2024
WordPress
Cartflows
risk 0.38cvss 5.9epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CartFlows Inc. Funnel Builder by CartFlows allows Stored XSS.This issue affects Funnel Builder by CartFlows: from n/a through 2.0.1.
CVE-2026-39477MedApr 8, 2026
Brainstormforce
Cartflows
risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Brainstorm Force CartFlows cartflows allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CartFlows: from n/a through <= 2.2.3.