CVE-2026-0626
- EPSS 0.01%
- Veröffentlicht 04.04.2026 11:16:13
- Zuletzt bearbeitet 07.04.2026 13:20:55
The WPFunnels – Easy Funnel Builder To Optimize Buyer Journeys And Get More Leads & Sales plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpf_optin_form' shortcode in all versions up to, and including, 3.7.9 due to insuffic...
CVE-2025-12000
- EPSS 0.91%
- Veröffentlicht 08.11.2025 03:27:49
- Zuletzt bearbeitet 15.04.2026 00:35:42
The WPFunnels plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wpfnl_delete_log() function in all versions up to, and including, 3.6.2. This makes it possible for authenticated attackers, w...
CVE-2025-12353
- EPSS 0.1%
- Veröffentlicht 08.11.2025 03:27:47
- Zuletzt bearbeitet 15.04.2026 00:35:42
The WPFunnels – The Easiest Funnel Builder For WordPress And WooCommerce To Collect Leads And Increase Sales plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 3.6.2. This is due to the plugin r...
CVE-2024-27965
- EPSS 0.18%
- Veröffentlicht 21.03.2024 17:15:09
- Zuletzt bearbeitet 01.04.2026 16:16:49
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFunnels WPFunnels wpfunnels.This issue affects WPFunnels: from n/a through <= 3.0.6.
CVE-2023-37977
- EPSS 0.08%
- Veröffentlicht 27.07.2023 15:15:11
- Zuletzt bearbeitet 19.02.2025 16:29:43
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFunnels Team Drag & Drop Sales Funnel Builder for WordPress – WPFunnels plugin <= 2.7.16 versions.