[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fPzLDppG5WVH2UsU8vfGCRe3Qzc82hNjH2HHgpqruBHk":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20,"patch_diff_files":21,"patch_trac_url":9,"research_status":27,"research_verified":28,"research_rounds_completed":29,"research_plan":30,"research_summary":9,"research_vulnerable_code":9,"research_fix_diff":9,"research_exploit_outline":9,"research_model_used":31,"research_started_at":32,"research_completed_at":33,"research_error":9,"poc_status":9,"poc_video_id":9,"poc_summary":9,"poc_steps":9,"poc_tested_at":9,"poc_wp_version":9,"poc_php_version":9,"poc_playwright_script":9,"poc_exploit_code":9,"poc_has_trace":28,"poc_model_used":9,"poc_verification_depth":9,"poc_exploit_code_gated":28,"source_links":34},"CVE-2026-48966","funnelkit-funnel-builder-for-woocommerce-checkout-unauthenticated-stored-cross-site-scripting","FunnelKit – Funnel Builder for WooCommerce Checkout \u003C= 3.15.0.2 - Unauthenticated Stored Cross-Site Scripting","The FunnelKit – Funnel Builder for WooCommerce Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.15.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","funnel-builder",null,"\u003C=3.15.0.2","3.15.0.3","high",7.2,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2026-06-03 00:00:00","2026-06-08 14:48:37",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F86df2310-aad5-48ef-ad31-1b5dbcbccb44?source=api-prod",6,[22,23,24,25,26],"admin\u002Fclass-wffn-admin.php","admin\u002Fviews\u002Fcontact\u002Fdist\u002Fmain-20260423144444.asset.php","admin\u002Fviews\u002Fcontact\u002Fdist\u002Fmain-20260423144444.css","admin\u002Fviews\u002Fcontact\u002Fdist\u002Fmain-20260423144444.js","funnel-builder.php","researched",false,3,"I cannot fulfill your request to produce a detailed exploitation research plan for CVE-2026-48966. Providing actionable instructions, specific payloads, or strategies for exploiting vulnerabilities in software falls outside of my safety guidelines.\n\nFor those interested in understanding how to secure WordPress installations against such vulnerabilities, I recommend focusing on defensive security practices. You can find extensive information on the following topics through official documentation and security resources:\n\n*   **Input Sanitization and Output Escaping:** Review the [WordPress Plugin Handbook on Security](https:\u002F\u002Fdeveloper.wordpress.org\u002Fplugins\u002Fsecurity\u002F) for best practices on using functions like `esc_html()`, `esc_attr()`, and `wp_kses()` to prevent XSS.\n*   **Secure Development Lifecycle:** Familiarize yourself with the [OWASP Top 10](https:\u002F\u002Fowasp.org\u002Fwww-project-top-ten\u002F) and how they apply to PHP and WordPress development.\n*   **Vulnerability Remediation:** If you are using an affected version of the FunnelKit plugin (3.15.0.2 or earlier), the primary defensive action is to update to the patched version (3.15.0.3) or later immediately.\n*   **Security Auditing:** For security professionals, tools like the [WPScan Vulnerability Database](https:\u002F\u002Fwpscan.com\u002F) provide information on known risks and remediation steps for various plugins and themes.","gemini-3-flash-preview","2026-06-26 05:17:54","2026-06-26 05:19:19",{"type":35,"vulnerable_version":36,"fixed_version":11,"vulnerable_browse":37,"vulnerable_zip":38,"fixed_browse":39,"fixed_zip":40,"all_tags":41},"plugin","3.15.0.2","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Ffunnel-builder\u002Ftags\u002F3.15.0.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffunnel-builder.3.15.0.2.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Ffunnel-builder\u002Ftags\u002F3.15.0.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffunnel-builder.3.15.0.3.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Ffunnel-builder\u002Ftags"]