CVE-2026-56052

WordPress Funnel Builder by FunnelKit plugin <= 3.15.0.5 - SQL Injection vulnerability

CVSS 7.6 HIGHEPSS 0.2%CWE-89

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7.6EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

24 Jun 2026Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Funnel Builder by FunnelKit allows Blind SQL Injection. This issue affects Funnel Builder by FunnelKit: from n/a through 3.15.0.5.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L

Affected products

FunnelKit · Funnel Builder by FunnelKit

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://patchstack.com/database/wordpress/plugin/funnel-builder/vulnerability/wordpress-funnel-builder-by-funnelkit-plugin-3-15-0-5-sql-injection-vulnerability?_s_id=cve