cleantalk
Vulnerabilities and Security Researches

Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit, CVE-2024-9186

CVE, Research URL

CVE-2024-9186

Home page URL

Security reports for Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit

Application

Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit

Published on
Nov 14, 2024
Research Description
The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit WordPress plugin before 3.3.0 does not sanitize and escape the bwfan-track-id parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks
Affected versions
Min -, max 3.3.0.
Status
vulnerable
Previous vulnerability researches
Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit (CVE-2024-47328) , Sep 29, 2024
Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit (CVE-2024-9186) , Nov 15, 2024
Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit (CVE-2025-7654) , Aug 20, 2025
Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit (CVE-2025-1562) , Jun 20, 2025
Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit (CVE-2025-2186) , Mar 24, 2025
New vulnerability
Superb Addons – WordPress Editor Blocks & Patterns and Elementor Sections & Elements , Aug 21, 2025
PHP Compatibility Checker , Aug 21, 2025
Infility Global (CVE-2025-47650) , Aug 21, 2025
Contact Manager (CVE-2025-8783) , Aug 21, 2025
Custom Comment (CVE-2025-49889) , Aug 20, 2025