VYPR

FunnelKit Funnel Builder for WooCommerce Checkout

by Funnelkit

Source repositories

CVEs (4)

  • CVE-2025-7654HigAug 19, 2025
    risk 0.57cvss 8.8epss 0.01

    Multiple FunnelKit plugins are vulnerable to Sensitive Information Exposure via the wf_get_cookie shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including authentication cookies of other site…

  • CVE-2025-14169HigDec 12, 2025
    risk 0.49cvss 7.5epss 0.00

    The FunnelKit - Funnel Builder for WooCommerce Checkout plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'opid' parameter in all versions up to, and including, 3.13.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient…

  • CVE-2026-47100HigMay 19, 2026
    risk 0.42cvss 7.5epss 0.00

    Funnel Builder for WooCommerce Checkout prior to 3.15.0.3 contains a missing authorization vulnerability in the public checkout endpoint that allows unauthenticated attackers to invoke internal methods and write arbitrary data to the plugin's External Scripts global setting.…

  • CVE-2025-12878MedNov 19, 2025
    risk 0.35cvss 6.4epss 0.00

    The FunnelKit – Funnel Builder for WooCommerce Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `wfop_phone` shortcode in all versions up to, and including, 3.13.1.2. This is due to insufficient input sanitization and output escaping on the…