Описание
The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit WordPress plugin before 3.3.0 does not sanitize and escape the bwfan-track-id parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks
Ссылки
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.3.0 (исключая)
cpe:2.3:a:funnelkit:funnelkit_automations:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 96%
0.21731
Средний
8.6 High
CVSS3
Дефекты
CWE-89
Связанные уязвимости
CVSS3: 8.6
github
около 1 года назад
The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit WordPress plugin before 3.3.0 does not sanitize and escape the bwfan-track-id parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks
EPSS
Процентиль: 96%
0.21731
Средний
8.6 High
CVSS3
Дефекты
CWE-89