GCVE - cpe:2.3:a:aman:funnel_builder_by_funnelkit:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:aman:funnel_builder_by_funnelkit:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Aman (`2245b830-497f-5f79-a17b-e44051746173`)
Product	Funnel Builder By Funnelkit (`3642439c-bcb6-521f-9045-7c858bc4bbae`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-66067`	vulnerable	2026-06-08 07:39:21.188471	WordPress Funnel Builder by FunnelKit plugin <= 3.13.1.2 - Cross Site Scripting (XSS) vulnerability MEDIUM (6.5) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aman Funnel Builder by FunnelKit funnel-builder allows DOM-Based XSS.This issue affects Funnel Builder by FunnelKit: from n/a through <= 3.13.1.2. Published: 2025-11-21T12:29:55.849Z Updated: 2026-04-28T16:14:15.817Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/funnel-builder/vulnerability/wordpress-funnel-builder-by-funnelkit-plugin-3-13-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-54750`	vulnerable	2026-06-08 07:33:13.154062	WordPress Funnel Builder by FunnelKit Plugin <= 3.11.1 - Local File Inclusion Vulnerability HIGH (7.5) Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Aman Funnel Builder by FunnelKit funnel-builder allows PHP Local File Inclusion.This issue affects Funnel Builder by FunnelKit: from n/a through <= 3.11.1. Published: 2025-08-20T08:02:50.191Z Updated: 2026-05-13T00:05:21.405Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/funnel-builder/vulnerability/wordpress-funnel-builder-by-funnelkit-plugin-3-11-1-local-file-inclusion-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-49034`	vulnerable	2026-06-08 07:29:12.489149	WordPress Funnel Builder by FunnelKit plugin <= 3.10.2 - SQL Injection vulnerability HIGH (7.6) Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aman Funnel Builder by FunnelKit funnel-builder allows SQL Injection.This issue affects Funnel Builder by FunnelKit: from n/a through <= 3.10.2. Published: 2025-07-16T11:27:59.710Z Updated: 2026-04-28T16:12:57.795Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/funnel-builder/vulnerability/wordpress-funnel-builder-by-funnelkit-plugin-3-10-2-sql-injection-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-26979`	vulnerable	2026-06-08 07:14:50.764358	WordPress Funnel Builder by FunnelKit plugin <= 3.9.0 - Local File Inclusion vulnerability HIGH (7.5) Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Aman Funnel Builder by FunnelKit funnel-builder allows PHP Local File Inclusion.This issue affects Funnel Builder by FunnelKit: from n/a through <= 3.9.0. Published: 2025-02-25T14:17:58.657Z Updated: 2026-04-28T16:11:45.713Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/funnel-builder/vulnerability/wordpress-funnel-builder-by-funnelkit-plugin-3-9-0-local-file-inclusion-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.