CVE-2023-50856
CVSS 3.1 Score 7.2 of 10 (high)
Details
Published Dec 28, 2023
Updated: Jan 4, 2024
CWE ID 89
Summary
CVE-2023-50856 is a critical SQL Injection vulnerability affecting FunnelKit Funnel Builder for WordPress versions 2.14.3 and below. An attacker can exploit this weakness by injecting malicious SQL commands into the application, leading to unauthorized access, data theft, or even system compromise. The vulnerability arises due to improper neutralization of special elements used in SQL commands, putting WordPress websites using FunnelKit at risk. Immediate patching is recommended to mitigate this threat.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share