← volver
CVE-2025-10567

FunnelKit < 3.12.0.1 - Reflected XSS

CVSS 6.3 MEDIUMEPSS 0.2%
The FunnelKit WordPress plugin before 3.12.0.1 does not sanitize user input before echoing it back in some of its checkout-related AJAX actions, allowing attackers to conduct reflected XSS attacks against logged-in users.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Productos afectados
Unknown · FunnelKit

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://wpscan.com/vulnerability/c7536b0c-3bce-449d-937e-b0195990110a/