Funnel Builder by CartFlows < 2.0.2 – Editor+ Stored XSS | CVE 2024-29813

Affects Plugins

Fixed in 2.0.2

References

CVE

CVE-2024-29813

URL

https://patchstack.com/database/vulnerability/cartflows/wordpress-cartflows-plugin-2-0-1-cross-site-scripting-xss-vulnerability

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

3.5 (low)

Miscellaneous

Original Researcher

LVT-tholv2k

Verified

No

WPVDB ID

396631cd-670c-4b3b-af73-3fa04b81939c

Timeline

Publicly Published

2024-03-25 (about 1 months ago)

Added

2024-03-29 (about 1 months ago)

Last Updated

2024-03-29 (about 1 months ago)

Other

Published

Title

Published

2023-03-20

Title

Time Sheets < 1.29.3 - Admin+ Stored XSS

Published

2022-12-23

Title

Waiting: One-click countdowns <= 0.6.2 - Admin+ Cross-Site Scripting

Published

2010-11-05

Title

Feedlist < 2.70.00 - XSS

Published

2019-07-05

Title

Zoner - Real Estate <= 4.1 - Reflected & Stored XSS

Published

2023-11-28

Title

Formzu WP < 1.6.7 - Contributor+ Stored XSS via id