Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| FunnelKit | Funnel Builder by FunnelKit | unaffected |
|
No data.
No data.
OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.
No data.
Project Subscriptions
No data.
No advisories yet.
Solution
Update the WordPress Funnel Builder by FunnelKit Plugin to the latest available version (at least 3.15.0.3).
Workaround
No workaround given by the vendor.
Tue, 16 Jun 2026 06:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Mon, 15 Jun 2026 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Unauthenticated Cross Site Scripting (XSS) in Funnel Builder by FunnelKit <= 3.15.0.2 versions. | |
| Title | WordPress Funnel Builder by FunnelKit plugin <= 3.15.0.2 - Cross Site Scripting (XSS) vulnerability | |
| Weaknesses | CWE-79 | |
| References |
| |
| Metrics |
cvssV3_1
|
Projects
Sign in to view the affected projects.
MITRE
Status: PUBLISHED
Assigner: Patchstack
Published:
Updated: 2026-06-16T01:21:31.767Z
Reserved: 2026-05-26T19:56:06.747Z
Link: CVE-2026-48966
Vulnrichment
Updated: 2026-06-16T01:21:26.693Z
NVD
Status : Deferred
Published: 2026-06-15T21:17:18.433
Modified: 2026-06-15T21:24:32.790
Link: CVE-2026-48966
Redhat
No data.
OpenCVE Enrichment
Updated: 2026-06-16T23:15:16Z