CVE-2024-47328

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-47328
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aman FunnelKit Automations wp-marketing-automations allows SQL Injection.This issue affects FunnelKit Automations: from n/a through <= 3.1.2.

7.6 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 4.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact LOW

Scope CHANGED

References
Link Resource
https://patchstack.com/database/Wordpress/Plugin/wp-marketing-automations/vulnerability/wordpress-recover-woocommerce-cart-abandonment-newsletter-email-marketing-marketing-automation-by-funnelkit-plugin-3-1-2-sql-injection-vulnerability?_s_id=cve
Configurations

Configuration 1 (hide)

cpe:2.3:a:funnelkit:funnelkit_automations:*:*:*:*:*:wordpress:*:*
History

23 Apr 2026, 15:19

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.2 		v2 : unknown
v3 : 7.6

01 Apr 2026, 16:18

Type Values Removed Values Added
Summary (en) Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Automation By Autonami allows SQL Injection.This issue affects Automation By Autonami: from n/a through 3.1.2. (en) Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aman FunnelKit Automations wp-marketing-automations allows SQL Injection.This issue affects FunnelKit Automations: from n/a through <= 3.1.2.
References
  • {'url': 'https://patchstack.com/database/vulnerability/wp-marketing-automations/wordpress-recover-woocommerce-cart-abandonment-newsletter-email-marketing-marketing-automation-by-funnelkit-plugin-3-1-2-sql-injection-vulnerability?_s_id=cve', 'tags': ['Third Party Advisory'], 'source': 'audit@patchstack.com'}
  • () https://patchstack.com/database/Wordpress/Plugin/wp-marketing-automations/vulnerability/wordpress-recover-woocommerce-cart-abandonment-newsletter-email-marketing-marketing-automation-by-funnelkit-plugin-3-1-2-sql-injection-vulnerability?_s_id=cve -

24 Oct 2024, 13:45

Type Values Removed Values Added
First Time Funnelkit funnelkit Automations
Funnelkit
References () https://patchstack.com/database/vulnerability/wp-marketing-automations/wordpress-recover-woocommerce-cart-abandonment-newsletter-email-marketing-marketing-automation-by-funnelkit-plugin-3-1-2-sql-injection-vulnerability?_s_id=cve - () https://patchstack.com/database/vulnerability/wp-marketing-automations/wordpress-recover-woocommerce-cart-abandonment-newsletter-email-marketing-marketing-automation-by-funnelkit-plugin-3-1-2-sql-injection-vulnerability?_s_id=cve - Third Party Advisory
Summary
  • (es) Vulnerabilidad de neutralización incorrecta de elementos especiales utilizados en un comando SQL ('Inyección SQL') en FunnelKit Automation By Autonami permite la inyección SQL. Este problema afecta a Automation By Autonami: desde n/a hasta 3.1.2.
CPE cpe:2.3:a:funnelkit:funnelkit_automations:*:*:*:*:*:wordpress:*:*
CVSS v2 : unknown
v3 : 7.6 		v2 : unknown
v3 : 7.2

21 Oct 2024, 11:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-10-21 11:15

Updated : 2026-04-23 15:19

NVD link : CVE-2024-47328

Mitre link : CVE-2024-47328

CVE.ORG link : CVE-2024-47328

JSON object : View

Products Affected

funnelkit

  • funnelkit_automations
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')