All 4 CVE vulnerabilities found in WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell, with AI-generated Chinese analysis, references, and POCs.
Vendor: getwpfunnels
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-0626 | WPFunnels <= 3.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpf_optin_form' Shortcode CWE-79 | 6.4 | Medium | 2026-04-04 |
| CVE-2025-12000 | WPFunnels <= 3.6.2 - Authenticated (Administrator+) Arbitrary File Deletion via Path Traversal CWE-22 | 6.5 | Medium | 2025-11-08 |
| CVE-2025-12353 | WPFunnels <= 3.6.2 - Unauthorized User Registration CWE-639 | 5.3 | Medium | 2025-11-08 |
| CVE-2024-10792 | Easiest Funnel Builder For WordPress & WooCommerce by WPFunnels <= 3.5.5 - Reflected Cross-Site Scripting CWE-79 | 6.1 | Medium | 2024-11-21 |
All 4 known CVE vulnerabilities affecting WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell with full Chinese analysis, references, and POCs where available.