CVE-2024-9186 Information

Description

The Recover WooCommerce Cart Abandonment Newsletter Email Marketing Marketing Automation By FunnelKit WordPress plugin before 3.3.0 does not sanitize and escape the bwfan-track-id parameter before using it in a SQL statement allowing unauthenticated users to perform SQL injection attacks

Reference

https://wpscan.com/vulnerability/fab29b59-7e87-4289-88dd-ed5520260c26/