FunnelKit

CVEs (2)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2025-10567	Funnelkit FunnelKit	Med	0.41	6.3	0.00		Nov 5, 2025	The FunnelKit WordPress plugin before 3.12.0.1 does not sanitize user input before echoing it back in some of its checkout-related AJAX actions, allowing attackers to conduct reflected XSS attacks against logged-in users.
CVE-2025-2203	Funnelkit FunnelKit		0.00	—	0.00		May 15, 2025	The FunnelKit WordPress plugin before 3.10.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks

CVE-2025-10567MedNov 5, 2025
Funnelkit
FunnelKit
risk 0.41cvss 6.3epss 0.00
The FunnelKit WordPress plugin before 3.12.0.1 does not sanitize user input before echoing it back in some of its checkout-related AJAX actions, allowing attackers to conduct reflected XSS attacks against logged-in users.
CVE-2025-2203May 15, 2025
Funnelkit
FunnelKit
risk 0.00cvss —epss 0.00
The FunnelKit WordPress plugin before 3.10.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks