CVE-2025-12000
- EPSS 1.07%
- Veröffentlicht 08.11.2025 03:27:49
- Zuletzt bearbeitet 12.11.2025 16:19:59
The WPFunnels plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wpfnl_delete_log() function in all versions up to, and including, 3.6.2. This makes it possible for authenticated attackers, w...
CVE-2025-12353
- EPSS 0.1%
- Veröffentlicht 08.11.2025 03:27:47
- Zuletzt bearbeitet 12.11.2025 16:19:59
The WPFunnels – The Easiest Funnel Builder For WordPress And WooCommerce To Collect Leads And Increase Sales plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 3.6.2. This is due to the plugin r...
CVE-2024-27965
- EPSS 0.12%
- Veröffentlicht 21.03.2024 17:15:09
- Zuletzt bearbeitet 14.02.2025 16:11:37
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFunnels Team WPFunnels allows Stored XSS.This issue affects WPFunnels: from n/a through 3.0.6.
CVE-2023-37977
- EPSS 0.08%
- Veröffentlicht 27.07.2023 15:15:11
- Zuletzt bearbeitet 19.02.2025 16:29:43
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFunnels Team Drag & Drop Sales Funnel Builder for WordPress – WPFunnels plugin <= 2.7.16 versions.