Approved changes feed: RSS · Atom

cpe:2.3:a:amans2k:funnel_builder_for_wordpress_by_funnelkit_–_customize_woocommerce_checkout_pages,_create_sales_funnels,_order_bumps_&_one_click_upsells:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorAmans2K (95760b31-873b-5cc1-9730-c52062d6d266)
ProductFunnel Builder For Wordpress By Funnelkit – Customize Woocommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells (c34e3d02-1a22-5547-bbc1-4ad4efe1df5e)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2024-6836 vulnerable 2026-06-08 06:58:20.573577 Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells <= 3.4.6 - Missing Authorization to Authenticated (Contributor+) Settings Update
MEDIUM (4.3)
The Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple functions in all versions up to, and including, 3.4.6. This makes it possible for authenticated attackers, with Contributor-level access and above, to update multiple settings, including templates, designs, checkouts, and other plugin settings.
Published: 2024-07-24T05:31:55.874Z
Updated: 2026-04-08T17:27:00.514Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.