cleantalk
Vulnerabilities and Security Researches

Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One, CVE-2026-47100

CVE, Research URL

CVE-2026-47100

Home page URL

Security reports for Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One

Application

Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One

Published on
May 19, 2026
Research Description
Funnel Builder for WooCommerce Checkout prior to 3.15.0.3 contains a missing authorization vulnerability in the public checkout endpoint that allows unauthenticated attackers to invoke internal methods and write arbitrary data to the plugin's External Scripts global setting. Attackers can inject malicious JavaScript through the External Scripts setting that executes in the browsers of all checkout page visitors.
Affected versions
max 3.15.0.3.
Status
vulnerable
Previous vulnerability researches
Quick Restaurant Reservations (CVE-2026-24529) , Jan 28, 2026
Quick Restaurant Reservations (CVE-2022-44739) , Jun 07, 2024
Quick Restaurant Reservations (CVE-2022-29923) , Jun 07, 2024
Restaurant Reservations (CVE-2019-15819) , Jun 06, 2024
Restaurant Reservations (CVE-2024-1382) , Jun 06, 2024
New vulnerability
WordPress Classifieds Plugin – Ad Directory & Listings by AWP Classifieds (CVE-2026-42726) , May 22, 2026
Visualizer: Tables and Charts Manager for WordPress (CVE-2026-24573) , May 22, 2026
Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One (CVE-2026-47100) , May 22, 2026
Creative Mail – Easier WordPress & WooCommerce Email Marketing (CVE-2026-3985) , May 22, 2026
AudioIgniter Music Player (CVE-2026-8679) , May 22, 2026