CVE-2026-12978 in FunnelKit PluginИнформация

Сводка

по MITRE • 16.07.2026

The FunnelKit WordPress plugin before 3.15.0.6 does not escape a user-supplied parameter before reflecting it into the HTML response of one of its page-builder AJAX actions, allowing unauthenticated attackers to perform Reflected Cross-Site Scripting against logged-in users who open a crafted page. The affected action is only registered when the Divi /builder is active.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Ответственный

WPScan

Резервировать

23.06.2026

Раскрытие

16.07.2026

Модерация

принято

Вход

VDB-379483

EPSS

0.00000

KEV

Нет

Деятельности

Очень низкий

Сектор

Hostingprovider

Источники

Want to know what is going to be exploited?

We predict KEV entries!