FunnelKit Automations
by WordPress
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-39450 | Hig | 0.46 | 7.1 | — | Jun 15, 2026 | Subscriber Broken Authentication in FunnelKit Automations <= 3.7.3 versions. | ||
| CVE-2025-12469 | 0.00 | — | 0.00 | Nov 5, 2025 | The FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.6.4.1. This is due to the plugin not properly verifying that a user is authorized to… | |||
| CVE-2025-12468 | 0.00 | — | 0.00 | Nov 5, 2025 | The FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.4.1 via the '/wc-coupons/' REST API endpoint. This is due to the endpoint… |
- risk 0.46cvss 7.1epss —
Subscriber Broken Authentication in FunnelKit Automations <= 3.7.3 versions.
- CVE-2025-12469Nov 5, 2025risk 0.00cvss —epss 0.00
The FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.6.4.1. This is due to the plugin not properly verifying that a user is authorized to…
- CVE-2025-12468Nov 5, 2025risk 0.00cvss —epss 0.00
The FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.4.1 via the '/wc-coupons/' REST API endpoint. This is due to the endpoint…