FunnelKit Vulnerability

HIGH (7.5)

Threat Intelligence

Low Risk
EPSS Score: 0.07% chance of exploitation (percentile: 22%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found


What is it?

The FunnelKit plugin is a WooCommerce checkout builder for WordPress. It lets site owners customize their checkout process, and the vulnerability tracked in this CVE is a SQL injection flaw in the plugin. An attacker could inject malicious SQL into queries the plugin runs against your database, potentially extracting sensitive information.

Am I affected?

You're affected if you use FunnelKit - Funnel Builder for WooCommerce Checkout. The advisory does not state which specific versions are affected.

Affected Products

Automattic / FunnelKit - Funnel Builder for WooCommerce Checkout

How to fix

To patch your installation, follow these steps:

  1. Update to FunnelKit version 3.13.2 or later from the WordPress Plugin Directory.
  2. If you can't update immediately, apply these interim mitigations:
    • Restrict network access to your WordPress site (firewall it from the public internet).
    • Audit database queries for suspicious patterns.