5.3
CVE-2025-12353
- EPSS 0.1%
- Veröffentlicht 08.11.2025 03:27:47
- Zuletzt bearbeitet 12.11.2025 16:19:59
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
WPFunnels <= 3.6.2 - Unauthorized User Registration
The WPFunnels – The Easiest Funnel Builder For WordPress And WooCommerce To Collect Leads And Increase Sales plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 3.6.2. This is due to the plugin relying on a user controlled value 'optin_allow_registration' to determine if user registration is allowed, instead of the site-specific setting. This makes it possible for unauthenticated attackers to register new user accounts, even when user registration is disabled.
Mögliche Gegenmaßnahme
WPFunnels – Easy Funnel Builder To Optimize Buyer Journeys And Get More Leads & Sales: Update to version 3.6.3, or a newer patched version
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginWeitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
WPFunnels – Easy Funnel Builder To Optimize Buyer Journeys And Get More Leads & Sales
Version
*-3.6.2
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Herstellergetwpfunnels
≫
Produkt
Easy WordPress Funnel Builder To Collect Leads And Increase Sales – WPFunnels
Default Statusunaffected
Version <=
3.6.2
Version
*
Status
affected
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.1% | 0.283 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@wordfence.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
CWE-639 Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.