CVSS 3.1 Score 7.6 of 10 (high)


Published Dec 28, 2023
Updated: Jan 4, 2024


CVE-2023-50857 is an SQL Injection vulnerability that affects FunnelKit Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit versions up to 2.6.1. This vulnerability allows an attacker to inject malicious SQL commands into the application, potentially leading to unauthorized access or manipulation of the database. The base severity of this vulnerability is rated as HIGH with a CVSS score of 7.6. To remediate this vulnerability, users should update their FunnelKit plugin to version 2.6.2 or later, which includes a patch for this issue. Organizations using affected versions of FunnelKit should be aware of the potential danger posed by this vulnerability and take immediate action to mitigate the risk of exploitation.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-50857 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options