QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2021-24330

Back to search

CVE-2021-24330

Published: Jun 1, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

The Funnel Builder by CartFlows – Create High Converting Sales Funnels For WordPress plugin before 1.6.13 did not sanitise its facebook_pixel_id and google_analytics_id settings, allowing high privilege users to set XSS payload in them, which will either be executed on pages generated by the plugin, or the whole website depending on the settings used.

VendorProductVersions

Unknown

Funnel Builder by CartFlows – Create High Converting Sales Funnels For WordPress

affected
1.6.13 - < 1.6.13

Weaknesses (CWE)

CWE-79

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now