FunnelKit WordPress Plugin Reflected Cross-Site Scripting Vulnerability

A reflected cross-site scripting vulnerability has been identified in the FunnelKit WordPress plugin, affecting versions prior to 3.12.0.1. The issue arises because the plugin fails to properly sanitize user input before returning it in certain checkout-related AJAX actions. This oversight allows attackers to execute reflected XSS attacks against logged-in users.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.

Reproduction

To reproduce this vulnerability, install the FunnelKit WordPress plugin version prior to 3.12.0.1, along with WooCommerce. Create a Store Checkout and select the Block Editor. Note the post ID of the checkout page. Then, send a POST request to 'wp-admin/admin-ajax.php' with the 'action' parameter set to 'get_gutenberg_checkout_from_data' and the 'wfacp_id' parameter set to the noted post ID. Include unescaped image tags in several other parameters to trigger the XSS payload.

Remediation

Users are advised to update the FunnelKit WordPress plugin to version 3.12.0.1 or later.