Refine your search
4 vulnerabilities found for WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell by getwpfunnels
CVE-2026-0626 (GCVE-0-2026-0626)
Vulnerability from cvelistv5
Published
2026-04-04 11:16
Modified
2026-04-08 16:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
The WPFunnels – Easy Funnel Builder To Optimize Buyer Journeys And Get More Leads & Sales plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpf_optin_form' shortcode in all versions up to, and including, 3.7.9 due to insufficient input sanitization and output escaping of the 'button_icon' parameter. This makes it possible for authenticated attackers, with contributor level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| getwpfunnels | WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell |
Version: 0 ≤ 3.7.9 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0626",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-06T16:45:22.957985Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T16:46:25.948Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WPFunnels \u2013 Funnel Builder for WooCommerce with Checkout \u0026 One Click Upsell",
"vendor": "getwpfunnels",
"versions": [
{
"lessThanOrEqual": "3.7.9",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Paolo Tresso"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WPFunnels \u2013 Easy Funnel Builder To Optimize Buyer Journeys And Get More Leads \u0026 Sales plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u0027wpf_optin_form\u0027 shortcode in all versions up to, and including, 3.7.9 due to insufficient input sanitization and output escaping of the \u0027button_icon\u0027 parameter. This makes it possible for authenticated attackers, with contributor level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:41:23.537Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2130847a-b6c5-412e-8d90-ba42d3fb21f6?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3439366/wpfunnels/trunk/includes/core/shortcodes/templates/optin/form.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-01-05T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2026-01-05T21:55:53.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-04-03T22:13:01.000Z",
"value": "Disclosed"
}
],
"title": "WPFunnels \u003c= 3.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via \u0027wpf_optin_form\u0027 Shortcode"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-0626",
"datePublished": "2026-04-04T11:16:13.764Z",
"dateReserved": "2026-01-05T21:49:40.411Z",
"dateUpdated": "2026-04-08T16:41:23.537Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12000 (GCVE-0-2025-12000)
Vulnerability from cvelistv5
Published
2025-11-08 03:27
Modified
2026-04-08 17:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
The WPFunnels plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wpfnl_delete_log() function in all versions up to, and including, 3.6.2. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| getwpfunnels | WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell |
Version: 0 ≤ 3.6.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12000",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-10T14:07:26.229752Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T14:14:35.248Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WPFunnels \u2013 Funnel Builder for WooCommerce with Checkout \u0026 One Click Upsell",
"vendor": "getwpfunnels",
"versions": [
{
"lessThanOrEqual": "3.6.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Le Cong Danh"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WPFunnels plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wpfnl_delete_log() function in all versions up to, and including, 3.6.2. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php)."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:27:08.002Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d969eb46-b12a-4a36-9321-bf1479906a5d?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.6.1/admin/modules/settings/class-wpfnl-settings.php#L591"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.6.1/includes/core/logger/class-wpfnl-logger.php#L172"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3389604/wpfunnels/trunk/admin/modules/settings/class-wpfnl-settings.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-21T15:28:43.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-11-07T15:07:46.000Z",
"value": "Disclosed"
}
],
"title": "WPFunnels \u003c= 3.6.2 - Authenticated (Administrator+) Arbitrary File Deletion via Path Traversal"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-12000",
"datePublished": "2025-11-08T03:27:49.707Z",
"dateReserved": "2025-10-20T21:28:29.626Z",
"dateUpdated": "2026-04-08T17:27:08.002Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12353 (GCVE-0-2025-12353)
Vulnerability from cvelistv5
Published
2025-11-08 03:27
Modified
2026-04-08 16:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Summary
The WPFunnels – The Easiest Funnel Builder For WordPress And WooCommerce To Collect Leads And Increase Sales plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 3.6.2. This is due to the plugin relying on a user controlled value 'optin_allow_registration' to determine if user registration is allowed, instead of the site-specific setting. This makes it possible for unauthenticated attackers to register new user accounts, even when user registration is disabled.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| getwpfunnels | WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell |
Version: 0 ≤ 3.6.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12353",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-10T19:55:24.670204Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T19:58:32.337Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WPFunnels \u2013 Funnel Builder for WooCommerce with Checkout \u0026 One Click Upsell",
"vendor": "getwpfunnels",
"versions": [
{
"lessThanOrEqual": "3.6.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ahmed Rayen Ayari"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WPFunnels \u2013 The Easiest Funnel Builder For WordPress And WooCommerce To Collect Leads And Increase Sales plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 3.6.2. This is due to the plugin relying on a user controlled value \u0027optin_allow_registration\u0027 to determine if user registration is allowed, instead of the site-specific setting. This makes it possible for unauthenticated attackers to register new user accounts, even when user registration is disabled."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:51:41.520Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4e376c96-47a8-419f-ab45-f7c46510c767?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3389604/wpfunnels/trunk/public/class-wpfnl-public.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-27T15:28:20.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-11-07T15:06:12.000Z",
"value": "Disclosed"
}
],
"title": "WPFunnels \u003c= 3.6.2 - Unauthorized User Registration"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-12353",
"datePublished": "2025-11-08T03:27:47.222Z",
"dateReserved": "2025-10-27T15:11:29.679Z",
"dateUpdated": "2026-04-08T16:51:41.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-10792 (GCVE-0-2024-10792)
Vulnerability from cvelistv5
Published
2024-11-21 09:32
Modified
2026-04-08 17:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
The Easiest Funnel Builder For WordPress & WooCommerce by WPFunnels plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'post_id' parameter in all versions up to, and including, 3.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This was partially patched in 3.5.4 and fully patched in 3.5.5.
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| getwpfunnels | WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell |
Version: 0 ≤ 3.5.5 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10792",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-21T11:28:45.687984Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T11:30:08.071Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WPFunnels \u2013 Funnel Builder for WooCommerce with Checkout \u0026 One Click Upsell",
"vendor": "getwpfunnels",
"versions": [
{
"lessThanOrEqual": "3.5.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nathaniel Oh"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Easiest Funnel Builder For WordPress \u0026 WooCommerce by WPFunnels plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u0027post_id\u0027 parameter in all versions up to, and including, 3.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This was partially patched in 3.5.4 and fully patched in 3.5.5."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:10:39.365Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9846cb0e-fc68-4a1b-a5a5-63116289c369?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpfunnels/trunk/includes/core/widgets/oxygen/elements/optin/template/template-optin.php"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3193046/wpfunnels/trunk/includes/core/widgets/oxygen/elements/optin/template/template-optin.php"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3193046%40wpfunnels\u0026new=3193046%40wpfunnels\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-20T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Easiest Funnel Builder For WordPress \u0026 WooCommerce by WPFunnels \u003c= 3.5.5 - Reflected Cross-Site Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-10792",
"datePublished": "2024-11-21T09:32:49.679Z",
"dateReserved": "2024-11-04T15:12:23.819Z",
"dateUpdated": "2026-04-08T17:10:39.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}