Search criteria
10 vulnerabilities by getwpfunnels
CVE-2026-1258 (GCVE-0-2026-1258)
Vulnerability from cvelistv5 – Published: 2026-02-14 08:26 – Updated: 2026-02-17 15:44
VLAI?
Title
Mail Mint <= 1.19.2 - Authenticated (Administrator+) SQL Injection via Multiple API Endpoints
Summary
The Mail Mint plugin for WordPress is vulnerable to blind SQL Injection via the 'forms', 'automation', 'email/templates', and 'contacts/import/tutorlms/map' API endpoints in all versions up to, and including, 1.19.2 . This is due to insufficient escaping on the user supplied 'order-by', 'order-type', and 'selectedCourses' parameters and lack of sufficient preparation on the existing SQL queries. This makes it possible for authenticated attackers, with administrator level access and above, to append additional SQL queries into already existing queries.
Severity ?
4.9 (Medium)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| getwpfunnels | Mail Mint – Newsletters, Email Marketing, Automation, WooCommerce Emails, Post Notification, and more |
Affected:
* , ≤ 1.19.2
(semver)
|
Credits
Paolo Tresso
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1258",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-17T15:36:23.534985Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T15:44:11.270Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mail Mint \u2013 Newsletters, Email Marketing, Automation, WooCommerce Emails, Post Notification, and more",
"vendor": "getwpfunnels",
"versions": [
{
"lessThanOrEqual": "1.19.2",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Paolo Tresso"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Mail Mint plugin for WordPress is vulnerable to blind SQL Injection via the \u0027forms\u0027, \u0027automation\u0027, \u0027email/templates\u0027, and \u0027contacts/import/tutorlms/map\u0027 API endpoints in all versions up to, and including, 1.19.2 . This is due to insufficient escaping on the user supplied \u0027order-by\u0027, \u0027order-type\u0027, and \u0027selectedCourses\u0027 parameters and lack of sufficient preparation on the existing SQL queries. This makes it possible for authenticated attackers, with administrator level access and above, to append additional SQL queries into already existing queries."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-14T08:26:48.193Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dfb59bca-0653-4e75-8da1-e78e5d659422?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3449536/mail-mint/trunk/app/Database/models/FormModel.php"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3449536/mail-mint/trunk/app/Internal/Automation/Core/DataStore/AutomationStore.php"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3449536/mail-mint/trunk/app/API/Actions/Admin/Email/TemplateAction.php"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3449536/mail-mint/trunk/app/Utilities/Helper/Import.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-01-09T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2026-01-20T20:20:14.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-02-13T19:51:24.000Z",
"value": "Disclosed"
}
],
"title": "Mail Mint \u003c= 1.19.2 - Authenticated (Administrator+) SQL Injection via Multiple API Endpoints"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-1258",
"datePublished": "2026-02-14T08:26:48.193Z",
"dateReserved": "2026-01-20T20:05:01.189Z",
"dateUpdated": "2026-02-17T15:44:11.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1447 (GCVE-0-2026-1447)
Vulnerability from cvelistv5 – Published: 2026-02-03 06:38 – Updated: 2026-02-03 15:30
VLAI?
Title
Mail Mint <= 1.19.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Summary
The Mail Mint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.19.2. This is due to missing nonce validation on the create_or_update_note function. This makes it possible for unauthenticated attackers to create or update contact notes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Due to missing sanitization and escaping this can lead to stored Cross-Site Scripting.
Severity ?
5.4 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| getwpfunnels | Mail Mint – Newsletters, Email Marketing, Automation, WooCommerce Emails, Post Notification, and more |
Affected:
* , ≤ 1.19.2
(semver)
|
Credits
Bui Van Y
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1447",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-03T15:25:58.042790Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-03T15:30:16.163Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mail Mint \u2013 Newsletters, Email Marketing, Automation, WooCommerce Emails, Post Notification, and more",
"vendor": "getwpfunnels",
"versions": [
{
"lessThanOrEqual": "1.19.2",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bui Van Y"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Mail Mint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.19.2. This is due to missing nonce validation on the create_or_update_note function. This makes it possible for unauthenticated attackers to create or update contact notes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Due to missing sanitization and escaping this can lead to stored Cross-Site Scripting."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-03T06:38:05.981Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e67ae204-2848-4389-a78d-7b3798e4ee54?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/mail-mint/trunk/app/API/Routes/Admin/Contact/ContactProfileRoute.php#L105"
},
{
"url": "https://plugins.trac.wordpress.org/browser/mail-mint/tags/1.19.2/app/API/Routes/Admin/Contact/ContactProfileRoute.php#L105"
},
{
"url": "https://plugins.trac.wordpress.org/browser/mail-mint/trunk/app/API/Actions/Admin/Contact/ContactProfileAction.php#L85"
},
{
"url": "https://plugins.trac.wordpress.org/browser/mail-mint/tags/1.19.2/app/API/Actions/Admin/Contact/ContactProfileAction.php#L85"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3449536/mail-mint/trunk/app/API/Actions/Admin/Contact/ContactProfileAction.php?old=3032077\u0026old_path=mail-mint%2Ftrunk%2Fapp%2FAPI%2FActions%2FAdmin%2FContact%2FContactProfileAction.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-01-26T17:16:50.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-02-02T18:07:42.000+00:00",
"value": "Disclosed"
}
],
"title": "Mail Mint \u003c= 1.19.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-1447",
"datePublished": "2026-02-03T06:38:05.981Z",
"dateReserved": "2026-01-26T17:00:55.043Z",
"dateUpdated": "2026-02-03T15:30:16.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15347 (GCVE-0-2025-15347)
Vulnerability from cvelistv5 – Published: 2026-01-20 14:26 – Updated: 2026-01-20 14:50
VLAI?
Title
Creator LMS – The LMS for Creators, Coaches, and Trainers <= 1.1.12 - Missing Authorization to Authenticated (Contributor+) Arbitrary Options Update
Summary
The Creator LMS – The LMS for Creators, Coaches, and Trainers plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check in the get_items_permissions_check function in all versions up to, and including, 1.1.12. This makes it possible for authenticated attackers, with contributor level access and above, to update arbitrary WordPress options.
Severity ?
8.8 (High)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| getwpfunnels | Creator LMS – The LMS for Creators, Coaches, and Trainers |
Affected:
* , ≤ 1.1.12
(semver)
|
Credits
Sarawut Poolkhet
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15347",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-20T14:50:10.607501Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T14:50:26.163Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Creator LMS \u2013 The LMS for Creators, Coaches, and Trainers",
"vendor": "getwpfunnels",
"versions": [
{
"lessThanOrEqual": "1.1.12",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sarawut Poolkhet"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Creator LMS \u2013 The LMS for Creators, Coaches, and Trainers plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check in the get_items_permissions_check function in all versions up to, and including, 1.1.12. This makes it possible for authenticated attackers, with contributor level access and above, to update arbitrary WordPress options."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T14:26:33.130Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4bddaefc-9ddc-4798-acb6-7b87f7c924a1?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3433193/creatorlms/tags/1.1.13/includes/Rest/V1/SettingsController.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-22T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-12-30T00:07:43.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-01-20T01:48:16.000+00:00",
"value": "Disclosed"
}
],
"title": "Creator LMS \u2013 The LMS for Creators, Coaches, and Trainers \u003c= 1.1.12 - Missing Authorization to Authenticated (Contributor+) Arbitrary Options Update"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-15347",
"datePublished": "2026-01-20T14:26:33.130Z",
"dateReserved": "2025-12-29T23:50:31.027Z",
"dateUpdated": "2026-01-20T14:50:26.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11967 (GCVE-0-2025-11967)
Vulnerability from cvelistv5 – Published: 2025-11-08 09:28 – Updated: 2025-11-10 14:13
VLAI?
Title
Mail Mint <= 1.18.10 - Authenticated (Admin+) Arbitrary File Upload
Summary
The Mail Mint plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the process_contact_attribute_import function in all versions up to, and including, 1.18.10. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Severity ?
7.2 (High)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| getwpfunnels | Mail Mint – Newsletters, Email Marketing, Automation, WooCommerce Emails, Post Notification, and more |
Affected:
* , ≤ 1.18.10
(semver)
|
Credits
Le Cong Danh
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11967",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-10T14:08:05.303014Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T14:13:37.397Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mail Mint \u2013 Newsletters, Email Marketing, Automation, WooCommerce Emails, Post Notification, and more",
"vendor": "getwpfunnels",
"versions": [
{
"lessThanOrEqual": "1.18.10",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Le Cong Danh"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Mail Mint plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the process_contact_attribute_import function in all versions up to, and including, 1.18.10. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site\u0027s server which may make remote code execution possible."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-08T09:28:11.511Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cf902756-21f3-483b-a5d8-a9b4226bde22?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3389643/mail-mint/tags/1.18.11/app/API/Actions/Admin/Contact/ContactImportAction.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-21T15:27:26.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-11-07T21:08:54.000+00:00",
"value": "Disclosed"
}
],
"title": "Mail Mint \u003c= 1.18.10 - Authenticated (Admin+) Arbitrary File Upload"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-11967",
"datePublished": "2025-11-08T09:28:11.511Z",
"dateReserved": "2025-10-20T15:11:14.944Z",
"dateUpdated": "2025-11-10T14:13:37.397Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12000 (GCVE-0-2025-12000)
Vulnerability from cvelistv5 – Published: 2025-11-08 03:27 – Updated: 2025-11-10 14:14
VLAI?
Title
WPFunnels <= 3.6.2 - Authenticated (Administrator+) Arbitrary File Deletion via Path Traversal
Summary
The WPFunnels plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wpfnl_delete_log() function in all versions up to, and including, 3.6.2. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
Severity ?
6.5 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| getwpfunnels | Easy WordPress Funnel Builder To Collect Leads And Increase Sales – WPFunnels |
Affected:
* , ≤ 3.6.2
(semver)
|
Credits
Le Cong Danh
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12000",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-10T14:07:26.229752Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T14:14:35.248Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Easy WordPress Funnel Builder To Collect Leads And Increase Sales \u2013 WPFunnels",
"vendor": "getwpfunnels",
"versions": [
{
"lessThanOrEqual": "3.6.2",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Le Cong Danh"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WPFunnels plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wpfnl_delete_log() function in all versions up to, and including, 3.6.2. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php)."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-08T03:27:49.707Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d969eb46-b12a-4a36-9321-bf1479906a5d?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.6.1/admin/modules/settings/class-wpfnl-settings.php#L591"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.6.1/includes/core/logger/class-wpfnl-logger.php#L172"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3389604/wpfunnels/trunk/admin/modules/settings/class-wpfnl-settings.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-21T15:28:43.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-11-07T15:07:46.000+00:00",
"value": "Disclosed"
}
],
"title": "WPFunnels \u003c= 3.6.2 - Authenticated (Administrator+) Arbitrary File Deletion via Path Traversal"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-12000",
"datePublished": "2025-11-08T03:27:49.707Z",
"dateReserved": "2025-10-20T21:28:29.626Z",
"dateUpdated": "2025-11-10T14:14:35.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12353 (GCVE-0-2025-12353)
Vulnerability from cvelistv5 – Published: 2025-11-08 03:27 – Updated: 2025-11-10 19:58
VLAI?
Title
WPFunnels <= 3.6.2 - Unauthorized User Registration
Summary
The WPFunnels – The Easiest Funnel Builder For WordPress And WooCommerce To Collect Leads And Increase Sales plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 3.6.2. This is due to the plugin relying on a user controlled value 'optin_allow_registration' to determine if user registration is allowed, instead of the site-specific setting. This makes it possible for unauthenticated attackers to register new user accounts, even when user registration is disabled.
Severity ?
5.3 (Medium)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| getwpfunnels | Easy WordPress Funnel Builder To Collect Leads And Increase Sales – WPFunnels |
Affected:
* , ≤ 3.6.2
(semver)
|
Credits
Ahmed Rayen Ayari
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12353",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-10T19:55:24.670204Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T19:58:32.337Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Easy WordPress Funnel Builder To Collect Leads And Increase Sales \u2013 WPFunnels",
"vendor": "getwpfunnels",
"versions": [
{
"lessThanOrEqual": "3.6.2",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ahmed Rayen Ayari"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WPFunnels \u2013 The Easiest Funnel Builder For WordPress And WooCommerce To Collect Leads And Increase Sales plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 3.6.2. This is due to the plugin relying on a user controlled value \u0027optin_allow_registration\u0027 to determine if user registration is allowed, instead of the site-specific setting. This makes it possible for unauthenticated attackers to register new user accounts, even when user registration is disabled."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-08T03:27:47.222Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4e376c96-47a8-419f-ab45-f7c46510c767?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3389604/wpfunnels/trunk/public/class-wpfnl-public.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-27T15:28:20.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-11-07T15:06:12.000+00:00",
"value": "Disclosed"
}
],
"title": "WPFunnels \u003c= 3.6.2 - Unauthorized User Registration"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-12353",
"datePublished": "2025-11-08T03:27:47.222Z",
"dateReserved": "2025-10-27T15:11:29.679Z",
"dateUpdated": "2025-11-10T19:58:32.337Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-10792 (GCVE-0-2024-10792)
Vulnerability from cvelistv5 – Published: 2024-11-21 09:32 – Updated: 2024-11-21 11:30
VLAI?
Title
Easiest Funnel Builder For WordPress & WooCommerce by WPFunnels <= 3.5.5 - Reflected Cross-Site Scripting
Summary
The Easiest Funnel Builder For WordPress & WooCommerce by WPFunnels plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'post_id' parameter in all versions up to, and including, 3.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This was partially patched in 3.5.4 and fully patched in 3.5.5.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| getwpfunnels | Easiest Funnel Builder For WordPress & WooCommerce by WPFunnels |
Affected:
* , ≤ 3.5.5
(semver)
|
Credits
Nathan
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10792",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-21T11:28:45.687984Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T11:30:08.071Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Easiest Funnel Builder For WordPress \u0026 WooCommerce by WPFunnels",
"vendor": "getwpfunnels",
"versions": [
{
"lessThanOrEqual": "3.5.5",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nathan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Easiest Funnel Builder For WordPress \u0026 WooCommerce by WPFunnels plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u0027post_id\u0027 parameter in all versions up to, and including, 3.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This was partially patched in 3.5.4 and fully patched in 3.5.5."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T09:32:49.679Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9846cb0e-fc68-4a1b-a5a5-63116289c369?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpfunnels/trunk/includes/core/widgets/oxygen/elements/optin/template/template-optin.php"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3193046/wpfunnels/trunk/includes/core/widgets/oxygen/elements/optin/template/template-optin.php"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3193046%40wpfunnels\u0026new=3193046%40wpfunnels\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-20T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Easiest Funnel Builder For WordPress \u0026 WooCommerce by WPFunnels \u003c= 3.5.5 - Reflected Cross-Site Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-10792",
"datePublished": "2024-11-21T09:32:49.679Z",
"dateReserved": "2024-11-04T15:12:23.819Z",
"dateUpdated": "2024-11-21T11:30:08.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27965 (GCVE-0-2024-27965)
Vulnerability from cvelistv5 – Published: 2024-03-21 16:38 – Updated: 2024-08-02 00:41
VLAI?
Title
WordPress WPFunnels plugin <= 3.0.6 - Cross Site Scripting (XSS) vulnerability
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFunnels Team WPFunnels allows Stored XSS.This issue affects WPFunnels: from n/a through 3.0.6.
Severity ?
5.9 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| WPFunnels Team | WPFunnels |
Affected:
n/a , ≤ 3.0.6
(custom)
|
Credits
hye0ngseok (Patchstack Alliance)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27965",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-21T18:36:41.835732Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-07T18:38:48.216Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:41:55.824Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/wpfunnels/wordpress-wpfunnels-plugin-3-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wpfunnels",
"product": "WPFunnels",
"vendor": "WPFunnels Team",
"versions": [
{
"changes": [
{
"at": "3.0.7",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.0.6",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "hye0ngseok (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in WPFunnels Team WPFunnels allows Stored XSS.\u003cp\u003eThis issue affects WPFunnels: from n/a through 3.0.6.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in WPFunnels Team WPFunnels allows Stored XSS.This issue affects WPFunnels: from n/a through 3.0.6.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-21T16:38:15.646Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/wpfunnels/wordpress-wpfunnels-plugin-3-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 3.0.7 or a higher version."
}
],
"value": "Update to 3.0.7 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress WPFunnels plugin \u003c= 3.0.6 - Cross Site Scripting (XSS) vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-27965",
"datePublished": "2024-03-21T16:38:15.646Z",
"dateReserved": "2024-02-28T16:45:55.564Z",
"dateUpdated": "2024-08-02T00:41:55.824Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37977 (GCVE-0-2023-37977)
Vulnerability from cvelistv5 – Published: 2023-07-27 14:16 – Updated: 2024-08-02 17:23
VLAI?
Title
WordPress WPFunnels Plugin <= 2.7.16 is vulnerable to Cross Site Scripting (XSS)
Summary
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFunnels Team Drag & Drop Sales Funnel Builder for WordPress – WPFunnels plugin <= 2.7.16 versions.
Severity ?
7.1 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| WPFunnels Team | Drag & Drop Sales Funnel Builder for WordPress – WPFunnels |
Affected:
n/a , ≤ 2.7.16
(custom)
|
Credits
LEE SE HYOUNG (Patchstack Alliance)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:23:27.881Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/wpfunnels/wordpress-wpfunnels-plugin-2-7-16-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wpfunnels",
"product": "Drag \u0026 Drop Sales Funnel Builder for WordPress \u2013 WPFunnels",
"vendor": "WPFunnels Team",
"versions": [
{
"changes": [
{
"at": "2.7.17",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.7.16",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "LEE SE HYOUNG (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFunnels Team Drag \u0026amp; Drop Sales Funnel Builder for WordPress \u2013 WPFunnels plugin \u0026lt;=\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;2.7.16 versions.\u003c/span\u003e"
}
],
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFunnels Team Drag \u0026 Drop Sales Funnel Builder for WordPress \u2013 WPFunnels plugin \u003c=\u00a02.7.16 versions."
}
],
"impacts": [
{
"capecId": "CAPEC-591",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-591 Reflected XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-27T14:16:11.339Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/wpfunnels/wordpress-wpfunnels-plugin-2-7-16-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to\u0026nbsp;2.7.17 or a higher version."
}
],
"value": "Update to\u00a02.7.17 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress WPFunnels Plugin \u003c= 2.7.16 is vulnerable to Cross Site Scripting (XSS)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-37977",
"datePublished": "2023-07-27T14:16:11.339Z",
"dateReserved": "2023-07-11T11:35:05.915Z",
"dateUpdated": "2024-08-02T17:23:27.881Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0173 (GCVE-0-2023-0173)
Vulnerability from cvelistv5 – Published: 2023-02-06 19:59 – Updated: 2025-03-25 18:10
VLAI?
Title
WPFunnels < 2.6.9 - Contributor+ Stored XSS
Summary
The Drag & Drop Sales Funnel Builder for WordPress plugin before 2.6.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Severity ?
5.4 (Medium)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Drag & Drop Sales Funnel Builder for WordPress |
Affected:
0 , < 2.6.9
(custom)
|
Credits
Lana Codes
WPScan
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:02:43.983Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/c543b6e2-a7c0-4ba7-a308-e9951dd59fb9"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-0173",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-25T18:10:11.945932Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T18:10:37.107Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"product": "Drag \u0026 Drop Sales Funnel Builder for WordPress",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.6.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lana Codes"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Drag \u0026 Drop Sales Funnel Builder for WordPress plugin before 2.6.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-06T19:59:32.104Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/c543b6e2-a7c0-4ba7-a308-e9951dd59fb9"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WPFunnels \u003c 2.6.9 - Contributor+ Stored XSS",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2023-0173",
"datePublished": "2023-02-06T19:59:32.104Z",
"dateReserved": "2023-01-11T03:09:47.905Z",
"dateUpdated": "2025-03-25T18:10:37.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}