PT-2024-37895 · Funnelkit · The Funnel Builder For Wordpress

Lucio Sá · Published 2024-07-24 · Updated 2024-07-29 · CVE-2024-6836

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: The Funnel Builder for WordPress by FunnelKit, versions up to and including 3.4.6

Description: The issue allows authenticated attackers with Contributor-level access and above to update multiple settings, due to a missing capability check on multiple functions. This enables them to modify templates, designs, checkouts, and other plugin settings.

Recommendations: For versions up to and including 3.4.6, update to a version higher than 3.4.6 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable functions to minimize the risk of exploitation.
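The class of defect described above, a settings handler reachable by any logged-in user with no capability check, is illustrated below with a hypothetical WordPress admin-ajax handler. This is an added example, not FunnelKit's code; the handler, action and option names are invented, and the hardened form shows the nonce and capability checks a maintainer would add.

```php
<?php
// Added illustration (not the plugin's own code): a hypothetical admin-ajax
// handler that saves a plugin setting, first without authorization, then with
// the checks WordPress expects before a privileged settings change.

// Weak form: every logged-in user can reach wp-admin/admin-ajax.php, so a
// Contributor can invoke this action and rewrite a setting meant for admins.
function hypothetical_save_setting_weak() {
    $value = sanitize_text_field( wp_unslash( $_POST['value'] ?? '' ) );
    update_option( 'hypothetical_plugin_setting', $value );
    wp_send_json_success();
}
add_action( 'wp_ajax_hypothetical_save_setting', 'hypothetical_save_setting_weak' );

// Hardened form: reject requests without a valid nonce (CSRF), then require a
// capability that only administrators hold before touching any option.
function hypothetical_save_setting_hardened() {
    // Dies with a 403 response if the 'nonce' field does not match.
    check_ajax_referer( 'hypothetical_save_setting', 'nonce' );

    // The missing check in this advisory: authorization, not just authentication.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    $value = sanitize_text_field( wp_unslash( $_POST['value'] ?? '' ) );
    update_option( 'hypothetical_plugin_setting', $value );
    wp_send_json_success();
}
add_action( 'wp_ajax_hypothetical_save_setting_hardened', 'hypothetical_save_setting_hardened' );
```

The admin page that calls the hardened action must embed a nonce created with wp_create_nonce( 'hypothetical_save_setting' ) in the request's nonce field, otherwise check_ajax_referer rejects it.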

Fix

Weakness Enumeration: Missing Authorization

Related Identifiers: CVE-2024-6836

Affected Products: The Funnel Builder For Wordpress