CVE-2026-56052
HIGHWordPress Funnel Builder by FunnelKit plugin <= 3.15.0.5 - SQL Injection vulnerability
Title source: cnaDescription
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Funnel Builder by FunnelKit allows Blind SQL Injection. This issue affects Funnel Builder by FunnelKit: from n/a through 3.15.0.5.
References (1)
Core 1
Scores
CVSS v3
7.6
EPSS
0.0023
EPSS Percentile
13.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-89
Status
published
Products (1)
FunnelKit/Funnel Builder by FunnelKit
< 3.15.0.5
Published
Jun 24, 2026
Tracked Since
Jun 24, 2026