CVE-2026-47100

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Funnel Builder for WooCommerce Checkout versions prior to 3.15.0.3

Description A missing authorization issue in the public checkout endpoint allows unauthenticated attackers to invoke internal methods and write arbitrary data to the plugin's External Scripts global setting. This enables the injection of malicious JavaScript through the External Scripts setting, which then executes in the browsers of all visitors to the checkout page.

Recommendations Update to version 3.15.0.3 or later.

Exploit

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2026-47100

Affected Products

Funnelkit – Funnel Builder For Woocommerce Checkout

CVE-2026-47100

Weakness Enumeration

Related Identifiers

Affected Products

References · 7