Funnel Builder for WooCommerce Checkout < 3.15.0.3 Missing Authorization via...

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Description

Funnel Builder for WooCommerce Checkout prior to 3.15.0.3 contains a missing authorization vulnerability in the public checkout endpoint that allows unauthenticated attackers to invoke internal methods and write arbitrary data to the plugin's External Scripts global setting. Attackers can inject malicious JavaScript through the External Scripts setting that executes in the browsers of all checkout page visitors.

AI Analysis

Missing authorization vulnerability in the public checkout endpoint allowing unauthenticated attackers to invoke internal methods and inject malicious JavaScript.

Basic Information

ID CVE-2026-47100

Source VulnCheck

Published May 19, 2026 at 14:00

Modified May 19, 2026 at 14:04

Affected Product

Vendor FunnelKit

Product Funnel Builder for WooCommerce Checkout

Affected Versions FunnelKit Funnel Builder for WooCommerce Checkout 0

CWE Classification

CWE-862

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor FunnelKit

Product Funnel Builder for WooCommerce Checkout

Version < 3.15.0.3

References

{
    "lastseen": "",
    "description": "Funnel Builder for WooCommerce Checkout prior to 3.15.0.3 contains a missing authorization vulnerability in the public checkout endpoint that allows unauthenticated attackers to invoke internal methods and write arbitrary data to the plugin's External Scripts global setting. Attackers can inject malicious JavaScript through the External Scripts setting that executes in the browsers of all checkout page visitors.",
    "published": "2026-05-19T14:00:55.318Z",
    "modified": "2026-05-19T14:04:59.661Z",
    "type": "cve",
    "title": "Funnel Builder for WooCommerce Checkout < 3.15.0.3 Missing Authorization via AJAX",
    "source": "VulnCheck",
    "references": "https://sansec.io/research/funnelkit-woocommerce-vulnerability-exploited\nhttps://plugins.trac.wordpress.org/changeset/3530797/funnel-builder/tags/3.15.0.3/modules/checkouts/includes/class-wfacp-ajax-controller.php\nhttps://www.vulncheck.com/advisories/funnel-builder-for-woocommerce-checkout-missing-authorization-via-ajax",
    "id": "CVE-2026-47100",
    "bulletinFamily": "",
    "cwe": [
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "FunnelKit Funnel Builder for WooCommerce Checkout 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Funnel Builder for WooCommerce Checkout",
    "version": "0",
    "vendor": "FunnelKit",
    "ai_description": "Missing authorization vulnerability in the public checkout endpoint allowing unauthenticated attackers to invoke internal methods and inject malicious JavaScript.",
    "ai_severity": "High",
    "ai_vendor": "FunnelKit",
    "ai_product": "Funnel Builder for WooCommerce Checkout",
    "ai_version": "< 3.15.0.3",
    "ai_score": 8.7
}

Funnel Builder for WooCommerce Checkout < 3.15.0.3 Missing Authorization via AJAX_CVE-2026-47100