cleantalk
Vulnerabilities and Security Researches

SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels), CVE-2024-38684

CVE, Research URL

CVE-2024-38684

Home page URL

Security reports for SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels)

Application

SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels)

Published on
Jul 20, 2024
Research Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in FunnelKit SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels) allows Stored XSS.This issue affects SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels): from n/a through 1.4.1.
Affected versions
Min -, max 1.5.0.
Status
vulnerable
Previous vulnerability researches
SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels) (CVE-2024-13675) , Mar 09, 2025
SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels) (CVE-2024-38684) , Jul 14, 2024
New vulnerability
RomethemeKit For Elementor (CVE-2024-10326) , Mar 10, 2025
Page Builder: Pagelayer – Drag and Drop website builder (CVE-2025-1926) , Mar 10, 2025
Shortcode Cleaner Lite (CVE-2025-1481) , Mar 09, 2025
All-in-One Addons for Elementor – WidgetKit (CVE-2024-10321) , Mar 09, 2025
SMTP by BestWebSoft (CVE-2024-13908) , Mar 09, 2025