Ery4Ng0615

**Name of the Vulnerable Software and Affected Versions** Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit WordPress plugin versions prior to 3.3.0 **Description** The issue allows unauthenticated users to perform SQL injection attacks due to the lack of sanitization and escaping of the `bwfan-track-id` parameter before using it in a SQL statement. **Recommendations** For versions prior to 3.3.0, update to version 3.3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the SQL statement that uses the `bwfan-track-id` parameter until a patch is available. Avoid using the `bwfan-track-id` parameter in affected SQL statements until the issue is resolved.