Filtered by vendor Getwpfunnels Subscriptions
Filtered by product Wpfunnels Subscriptions
Total 5 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-12353 2 Getwpfunnels, Wordpress 2 Wpfunnels, Wordpress 2025-11-10 5.3 Medium
The WPFunnels – The Easiest Funnel Builder For WordPress And WooCommerce To Collect Leads And Increase Sales plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 3.6.2. This is due to the plugin relying on a user controlled value 'optin_allow_registration' to determine if user registration is allowed, instead of the site-specific setting. This makes it possible for unauthenticated attackers to register new user accounts, even when user registration is disabled.
CVE-2025-12000 2 Getwpfunnels, Wordpress 2 Wpfunnels, Wordpress 2025-11-10 6.5 Medium
The WPFunnels plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wpfnl_delete_log() function in all versions up to, and including, 3.6.2. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
CVE-2025-54696 2 Getwpfunnels, Wordpress 2 Wpfunnels, Wordpress 2025-08-16 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFunnels WPFunnels allows Stored XSS. This issue affects WPFunnels: from n/a through 3.5.26.
CVE-2023-37977 1 Getwpfunnels 1 Wpfunnels 2025-02-19 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFunnels Team Drag & Drop Sales Funnel Builder for WordPress – WPFunnels plugin <= 2.7.16 versions.
CVE-2024-27965 1 Getwpfunnels 1 Wpfunnels 2025-02-14 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFunnels Team WPFunnels allows Stored XSS.This issue affects WPFunnels: from n/a through 3.0.6.