WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce, CVE-2021-24330

CVE, Research URL: CVE-2021-24330
Home page URL: Security reports for WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce
Application: WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce
Published on: Jun 01, 2021
Research Description: The Funnel Builder by CartFlows – Create High Converting Sales Funnels For WordPress plugin before 1.6.13 did not sanitise its facebook_pixel_id and google_analytics_id settings, allowing high privilege users to set XSS payload in them, which will either be executed on pages generated by the plugin, or the whole website depending on the settings used.
Affected versions: max 1.3.1.
Status: vulnerable

WooCommerce Checkout &amp; Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce, CVE-2021-24330