Filtered by vendor Getwpfunnels
Total: 7 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-12353 | 2 Getwpfunnels, Wordpress | 2 Wpfunnels, Wordpress | 2025-11-10 | 5.3 Medium |
| The WPFunnels – The Easiest Funnel Builder For WordPress And WooCommerce To Collect Leads And Increase Sales plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 3.6.2. This is due to the plugin relying on a user controlled value 'optin_allow_registration' to determine if user registration is allowed, instead of the site-specific setting. This makes it possible for unauthenticated attackers to register new user accounts, even when user registration is disabled. | ||||
| CVE-2025-12000 | 2 Getwpfunnels, Wordpress | 2 Wpfunnels, Wordpress | 2025-11-10 | 6.5 Medium |
| The WPFunnels plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wpfnl_delete_log() function in all versions up to, and including, 3.6.2. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). | ||||
| CVE-2025-11967 | 2 Getwpfunnels, Wordpress | 2 Mail Mint, Wordpress | 2025-11-10 | 7.2 High |
| The Mail Mint plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the process_contact_attribute_import function in all versions up to, and including, 1.18.10. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | ||||
| CVE-2025-54696 | 2 Getwpfunnels, Wordpress | 2 Wpfunnels, Wordpress | 2025-08-16 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFunnels WPFunnels allows Stored XSS. This issue affects WPFunnels: from n/a through 3.5.26. | ||||
| CVE-2023-0173 | 1 Getwpfunnels | 1 Drag & Drop Sales Funnel Builder | 2025-03-25 | 5.4 Medium |
| The Drag & Drop Sales Funnel Builder for WordPress plugin before 2.6.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2023-37977 | 1 Getwpfunnels | 1 Wpfunnels | 2025-02-19 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFunnels Team Drag & Drop Sales Funnel Builder for WordPress – WPFunnels plugin <= 2.7.16 versions. | ||||
| CVE-2024-27965 | 1 Getwpfunnels | 1 Wpfunnels | 2025-02-14 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFunnels Team WPFunnels allows Stored XSS. This issue affects WPFunnels: from n/a through 3.0.6. | ||||