CVE-2023-50856

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Dec 28, 2023
Updated: Jan 4, 2024
CWE ID 89

Summary

CVE-2023-50856 is a critical SQL Injection vulnerability affecting FunnelKit Funnel Builder for WordPress versions 2.14.3 and below. An attacker can exploit this weakness by injecting malicious SQL commands into the application, leading to unauthorized access, data theft, or even system compromise. The vulnerability arises due to improper neutralization of special elements used in SQL commands, putting WordPress websites using FunnelKit at risk. Immediate patching is recommended to mitigate this threat.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share