Wpfunnels
by WordPress
Source repositories
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-47530 | Cri | 0.64 | 9.8 | 0.00 | May 23, 2025 | Deserialization of Untrusted Data vulnerability in WPFunnels WPFunnels wpfunnels allows Object Injection.This issue affects WPFunnels: from n/a through <= 3.5.18. | ||
| CVE-2024-27965 | Med | 0.38 | 5.9 | 0.00 | Mar 21, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFunnels WPFunnels wpfunnels.This issue affects WPFunnels: from n/a through <= 3.0.6. | ||
| CVE-2026-0626 | Med | 0.35 | 6.4 | 0.00 | Apr 4, 2026 | The WPFunnels – Easy Funnel Builder To Optimize Buyer Journeys And Get More Leads & Sales plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpf_optin_form' shortcode in all versions up to, and including, 3.7.9 due to insufficient input sanitization and… | ||
| CVE-2025-12000 | Med | 0.35 | 6.5 | 0.01 | Nov 8, 2025 | The WPFunnels plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wpfnl_delete_log() function in all versions up to, and including, 3.6.2. This makes it possible for authenticated attackers, with Administrator-level… | ||
| CVE-2025-67571 | Med | 0.34 | 5.3 | 0.00 | Dec 9, 2025 | Missing Authorization vulnerability in WPFunnels WPFunnels wpfunnels allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPFunnels: from n/a through <= 3.6.2. | ||
| CVE-2024-10792 | Med | 0.33 | 6.1 | 0.01 | Nov 21, 2024 | The Easiest Funnel Builder For WordPress & WooCommerce by WPFunnels plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'post_id' parameter in all versions up to, and including, 3.5.5 due to insufficient input sanitization and output escaping. This makes… | ||
| CVE-2025-12353 | Med | 0.27 | 5.3 | 0.00 | Nov 8, 2025 | The WPFunnels – The Easiest Funnel Builder For WordPress And WooCommerce To Collect Leads And Increase Sales plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 3.6.2. This is due to the plugin relying on a user controlled… | ||
| CVE-2026-49778 | 0.00 | — | 0.00 | Jun 17, 2026 | Unauthenticated Cross Site Scripting (XSS) in WPFunnels Pro <= 2.9.4 versions. | |||
| CVE-2023-37977 | 0.00 | — | 0.00 | Jul 27, 2023 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFunnels Team Drag & Drop Sales Funnel Builder for WordPress – WPFunnels plugin <= 2.7.16 versions. |
- risk 0.64cvss 9.8epss 0.00
Deserialization of Untrusted Data vulnerability in WPFunnels WPFunnels wpfunnels allows Object Injection.This issue affects WPFunnels: from n/a through <= 3.5.18.
- risk 0.38cvss 5.9epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFunnels WPFunnels wpfunnels.This issue affects WPFunnels: from n/a through <= 3.0.6.
- risk 0.35cvss 6.4epss 0.00
The WPFunnels – Easy Funnel Builder To Optimize Buyer Journeys And Get More Leads & Sales plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpf_optin_form' shortcode in all versions up to, and including, 3.7.9 due to insufficient input sanitization and…
- risk 0.35cvss 6.5epss 0.01
The WPFunnels plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wpfnl_delete_log() function in all versions up to, and including, 3.6.2. This makes it possible for authenticated attackers, with Administrator-level…
- risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in WPFunnels WPFunnels wpfunnels allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPFunnels: from n/a through <= 3.6.2.
- risk 0.33cvss 6.1epss 0.01
The Easiest Funnel Builder For WordPress & WooCommerce by WPFunnels plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'post_id' parameter in all versions up to, and including, 3.5.5 due to insufficient input sanitization and output escaping. This makes…
- risk 0.27cvss 5.3epss 0.00
The WPFunnels – The Easiest Funnel Builder For WordPress And WooCommerce To Collect Leads And Increase Sales plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 3.6.2. This is due to the plugin relying on a user controlled…
- CVE-2026-49778Jun 17, 2026risk 0.00cvss —epss 0.00
Unauthenticated Cross Site Scripting (XSS) in WPFunnels Pro <= 2.9.4 versions.
- CVE-2023-37977Jul 27, 2023risk 0.00cvss —epss 0.00
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFunnels Team Drag & Drop Sales Funnel Builder for WordPress – WPFunnels plugin <= 2.7.16 versions.