Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
32 vulnerabilities by getwpfunnels
CVE-2026-15103 (GCVE-0-2026-15103)
Vulnerability from nvd – Published: 2026-07-16 08:26 – Updated: 2026-07-16 15:11
VLAI
EPSS
VEX
Title
WPFunnels <= 3.12.8 - Authenticated (Funnel Manager+) Privilege Escalation via 'group_id' Path Parameter
Summary
The WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell plugin for WordPress is vulnerable to Privilege Escalation via arbitrary option update in all versions up to, and including, 3.12.8. This is due to the `update_settings()` REST callback failing to validate the `group_id` path parameter against an allowlist of permitted option names before passing it directly to `get_option()` and `update_option()`, allowing the built-in `wp_user_roles` option — which satisfies the route's loose `[\w-]+` regex — to be targeted. This makes it possible for authenticated attackers with the `wpf_manage_funnels` capability and above to elevate their privileges to administrator by writing a crafted role definition containing arbitrary capabilities into the `wp_user_roles` option, thereby granting any WordPress role full site administrator access. The `wpf_manage_funnels` capability is typically assigned to the Funnel Manager custom role created by the plugin, meaning this role is the minimum required to exploit the vulnerability.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
6 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| getwpfunnels | WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell |
Affected:
0 , ≤ 3.12.8
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-15103",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-16T13:28:22.085771Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-16T15:11:22.220Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WPFunnels \u2013 Funnel Builder for WooCommerce with Checkout \u0026 One Click Upsell",
"vendor": "getwpfunnels",
"versions": [
{
"lessThanOrEqual": "3.12.8",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "PRISM"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WPFunnels \u2013 Funnel Builder for WooCommerce with Checkout \u0026 One Click Upsell plugin for WordPress is vulnerable to Privilege Escalation via arbitrary option update in all versions up to, and including, 3.12.8. This is due to the `update_settings()` REST callback failing to validate the `group_id` path parameter against an allowlist of permitted option names before passing it directly to `get_option()` and `update_option()`, allowing the built-in `wp_user_roles` option \u2014 which satisfies the route\u0027s loose `[\\w-]+` regex \u2014 to be targeted. This makes it possible for authenticated attackers with the `wpf_manage_funnels` capability and above to elevate their privileges to administrator by writing a crafted role definition containing arbitrary capabilities into the `wp_user_roles` option, thereby granting any WordPress role full site administrator access. The `wpf_manage_funnels` capability is typically assigned to the Funnel Manager custom role created by the plugin, meaning this role is the minimum required to exploit the vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-16T08:26:50.831Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/76ad6d21-f277-496f-aa6b-f9d5cb8a3801?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.12.8/includes/core/rest-api/Controllers/class-settings-controller.php#L462"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.12.8/includes/core/rest-api/Controllers/class-settings-controller.php#L66"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.12.8/includes/core/rest-api/Controllers/class-settings-controller.php#L40"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.12.8/includes/utils/class-wpfnl-functions.php#L1216"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?reponame=\u0026old=3607181%40wpfunnels\u0026new=3607181%40wpfunnels"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-08T17:13:14.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-07-15T20:13:20.000Z",
"value": "Disclosed"
}
],
"title": "WPFunnels \u003c= 3.12.8 - Authenticated (Funnel Manager+) Privilege Escalation via \u0027group_id\u0027 Path Parameter"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-15103",
"datePublished": "2026-07-16T08:26:50.831Z",
"dateReserved": "2026-07-08T16:58:02.760Z",
"dateUpdated": "2026-07-16T15:11:22.220Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12918 (GCVE-0-2026-12918)
Vulnerability from nvd – Published: 2026-07-10 09:32 – Updated: 2026-07-14 01:39
VLAI
EPSS
VEX
Title
Mail Mint <= 1.24.1 - Authenticated (Administrator+) SQL Injection via 'recipients' Parameter
Summary
The Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to generic SQL Injection via the 'recipients' parameter in all versions up to, and including, 1.24.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This is a second-order SQL injection: the malicious payload is first stored unsanitized via a POST request to /mrm/v1/campaigns/ (bypassing filter_recipients() validation because an int-cast of a string like '1) OR ...' evaluates to a real numeric ID), and is then triggered by a subsequent GET request to /mrm/v1/campaigns/{id} that deserializes the recipients and passes the raw id string through array_column() into the vulnerable query.
Severity
4.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
6 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| getwpfunnels | Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails |
Affected:
0 , ≤ 1.24.1
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-12918",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-14T01:38:02.218291Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T01:39:25.278Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mail Mint \u2013 Email Marketing, Newsletter, Email Automation \u0026 WooCommerce Emails",
"vendor": "getwpfunnels",
"versions": [
{
"lessThanOrEqual": "1.24.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "PRISM"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Mail Mint \u2013 Email Marketing, Newsletter, Email Automation \u0026 WooCommerce Emails plugin for WordPress is vulnerable to generic SQL Injection via the \u0027recipients\u0027 parameter in all versions up to, and including, 1.24.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This is a second-order SQL injection: the malicious payload is first stored unsanitized via a POST request to /mrm/v1/campaigns/ (bypassing filter_recipients() validation because an int-cast of a string like \u00271) OR ...\u0027 evaluates to a real numeric ID), and is then triggered by a subsequent GET request to /mrm/v1/campaigns/{id} that deserializes the recipients and passes the raw id string through array_column() into the vulnerable query."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-10T09:32:44.736Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bf7c500e-311f-4db5-8a54-de7b02fb11dd?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/mail-mint/tags/1.24.1/app/Database/models/ContactGroupPivotModel.php#L130"
},
{
"url": "https://plugins.trac.wordpress.org/browser/mail-mint/tags/1.24.1/app/MrmCommon.php#L1197"
},
{
"url": "https://plugins.trac.wordpress.org/browser/mail-mint/tags/1.24.1/app/API/Controllers/Admin/CampaignController.php#L304"
},
{
"url": "https://plugins.trac.wordpress.org/browser/mail-mint/tags/1.24.1/app/API/Controllers/Admin/CampaignController.php#L1088"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?reponame=\u0026old=3592458%40mail-mint\u0026new=3592458%40mail-mint"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-22T16:46:06.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-07-09T20:55:55.000Z",
"value": "Disclosed"
}
],
"title": "Mail Mint \u003c= 1.24.1 - Authenticated (Administrator+) SQL Injection via \u0027recipients\u0027 Parameter"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-12918",
"datePublished": "2026-07-10T09:32:44.736Z",
"dateReserved": "2026-06-22T16:30:56.786Z",
"dateUpdated": "2026-07-14T01:39:25.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-14342 (GCVE-0-2026-14342)
Vulnerability from nvd – Published: 2026-07-09 07:55 – Updated: 2026-07-09 12:46
VLAI
EPSS
VEX
Title
Mail Mint <= 1.24.2 - Authenticated (Administrator+) SQL Injection via 'contact_ids' Parameter
Summary
The Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to time-based SQL Injection via the 'contact_ids' parameter in all versions up to, and including, 1.24.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Severity
4.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| getwpfunnels | Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails |
Affected:
0 , ≤ 1.24.2
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-14342",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T12:46:33.376914Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T12:46:41.326Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mail Mint \u2013 Email Marketing, Newsletter, Email Automation \u0026 WooCommerce Emails",
"vendor": "getwpfunnels",
"versions": [
{
"lessThanOrEqual": "1.24.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "PRISM"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Mail Mint \u2013 Email Marketing, Newsletter, Email Automation \u0026 WooCommerce Emails plugin for WordPress is vulnerable to time-based SQL Injection via the \u0027contact_ids\u0027 parameter in all versions up to, and including, 1.24.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T07:55:14.853Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fd75e795-54b8-4b9a-9417-9f707215ebfa?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/mail-mint/trunk/app/Database/Models/ContactModel.php#L1159"
},
{
"url": "https://plugins.trac.wordpress.org/browser/mail-mint/trunk/app/API/Controllers/Admin/ContactController.php#L1049"
},
{
"url": "https://plugins.trac.wordpress.org/browser/mail-mint/trunk/app/API/Routes/Admin/ContactRoute.php#L475"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?reponame=\u0026old=3597255%40mail-mint\u0026new=3597255%40mail-mint"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-01T14:37:45.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-07-08T19:35:45.000Z",
"value": "Disclosed"
}
],
"title": "Mail Mint \u003c= 1.24.2 - Authenticated (Administrator+) SQL Injection via \u0027contact_ids\u0027 Parameter"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-14342",
"datePublished": "2026-07-09T07:55:14.853Z",
"dateReserved": "2026-07-01T14:22:37.127Z",
"dateUpdated": "2026-07-09T12:46:41.326Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-13080 (GCVE-0-2026-13080)
Vulnerability from nvd – Published: 2026-07-09 06:52 – Updated: 2026-07-09 12:47
VLAI
EPSS
VEX
Title
WPFunnels <= 3.12.7 - Authenticated (Administrator+) Local File Inclusion via 'logKey' Parameter
Summary
The WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.12.7 via the 'logKey' parameter parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included.
Severity
6.6 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Assigner
References
10 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| getwpfunnels | WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell |
Affected:
0 , ≤ 3.12.7
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-13080",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T12:47:13.079038Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T12:47:19.785Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WPFunnels \u2013 Funnel Builder for WooCommerce with Checkout \u0026 One Click Upsell",
"vendor": "getwpfunnels",
"versions": [
{
"lessThanOrEqual": "3.12.7",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Danh Dao (IAmNewbie)"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WPFunnels \u2013 Funnel Builder for WooCommerce with Checkout \u0026 One Click Upsell plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.12.7 via the \u0027logKey\u0027 parameter parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-98",
"description": "CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T06:52:50.904Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e48ce7d2-0c57-499a-81b6-2d9488de704c?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.12.6/admin/modules/settings/class-wpfnl-settings.php#L709"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.12.6/admin/modules/settings/class-wpfnl-settings.php#L703"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.12.6/admin/modules/settings/class-wpfnl-settings.php#L181"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.12.6/vendor/philipnewcomer/wp-ajax-helper/src/components/Utility.php#L26"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.11.0/admin/modules/settings/class-wpfnl-settings.php#L709"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.11.0/admin/modules/settings/class-wpfnl-settings.php#L703"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.11.0/admin/modules/settings/class-wpfnl-settings.php#L181"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.11.0/vendor/philipnewcomer/wp-ajax-helper/src/components/Utility.php#L26"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?reponame=\u0026old=3597260%40wpfunnels\u0026new=3597260%40wpfunnels"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-23T18:23:42.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-07-08T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "WPFunnels \u003c= 3.12.7 - Authenticated (Administrator+) Local File Inclusion via \u0027logKey\u0027 Parameter"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-13080",
"datePublished": "2026-07-09T06:52:50.904Z",
"dateReserved": "2026-06-23T18:08:34.576Z",
"dateUpdated": "2026-07-09T12:47:19.785Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-14345 (GCVE-0-2026-14345)
Vulnerability from nvd – Published: 2026-07-07 05:34 – Updated: 2026-07-08 17:11
VLAI
EPSS
VEX
Title
WPFunnels <= 3.12.7 - Unauthenticated Remote Code Execution via 'postData' Parameter
Summary
The WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.12.7 via the 'postData' parameter parameter. This is due to unsanitized write of attacker-controlled postData values into a PHP-includeable .log file combined with the use of include_once to render that file in wpfnl_show_log. This makes it possible for unauthenticated attackers to execute code on the server. Exploitation requires that the Log Settings "Enable Logs" toggle is on and that an administrator subsequently opens the polluted log file via the plugin's Log Settings View UI; however, the nonce required to reach the optin endpoint is publicly emitted on every funnel step page, so the injection step itself is fully unauthenticated.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
11 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| getwpfunnels | WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell |
Affected:
0 , ≤ 3.12.7
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-14345",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-08T13:52:57.720625Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T17:11:20.954Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WPFunnels \u2013 Funnel Builder for WooCommerce with Checkout \u0026 One Click Upsell",
"vendor": "getwpfunnels",
"versions": [
{
"lessThanOrEqual": "3.12.7",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "thevietronin"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WPFunnels \u2013 Funnel Builder for WooCommerce with Checkout \u0026 One Click Upsell plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.12.7 via the \u0027postData\u0027 parameter parameter. This is due to unsanitized write of attacker-controlled postData values into a PHP-includeable .log file combined with the use of include_once to render that file in wpfnl_show_log. This makes it possible for unauthenticated attackers to execute code on the server. Exploitation requires that the Log Settings \"Enable Logs\" toggle is on and that an administrator subsequently opens the polluted log file via the plugin\u0027s Log Settings View UI; however, the nonce required to reach the optin endpoint is publicly emitted on every funnel step page, so the injection step itself is fully unauthenticated."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-07T05:34:19.628Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5d84d749-0ab5-49dd-8e4f-45681f197742?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.12.7/admin/modules/settings/class-wpfnl-settings.php#L709"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.12.7/public/class-wpfnl-public.php#L1185"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.12.7/includes/core/classes/class-wpfnl-ajax-handler.php#L523"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.12.7/includes/core/classes/class-wpfnl-ajax-handler.php#L39"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.12.5/admin/modules/settings/class-wpfnl-settings.php#L709"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.12.5/public/class-wpfnl-public.php#L1185"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.12.5/includes/core/classes/class-wpfnl-ajax-handler.php#L523"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.12.5/includes/core/classes/class-wpfnl-ajax-handler.php#L39"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3597260/wpfunnels/trunk/admin/modules/settings/class-wpfnl-settings.php"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fwpfunnels/tags/3.12.7\u0026new_path=%2Fwpfunnels/tags/3.12.8"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-01T15:48:37.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-07-06T16:35:34.000Z",
"value": "Disclosed"
}
],
"title": "WPFunnels \u003c= 3.12.7 - Unauthenticated Remote Code Execution via \u0027postData\u0027 Parameter"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-14345",
"datePublished": "2026-07-07T05:34:19.628Z",
"dateReserved": "2026-07-01T15:32:02.804Z",
"dateUpdated": "2026-07-08T17:11:20.954Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0626 (GCVE-0-2026-0626)
Vulnerability from nvd – Published: 2026-04-04 11:16 – Updated: 2026-04-08 16:41
VLAI
EPSS
VEX
Title
WPFunnels <= 3.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpf_optin_form' Shortcode
Summary
The WPFunnels – Easy Funnel Builder To Optimize Buyer Journeys And Get More Leads & Sales plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpf_optin_form' shortcode in all versions up to, and including, 3.7.9 due to insufficient input sanitization and output escaping of the 'button_icon' parameter. This makes it possible for authenticated attackers, with contributor level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity
6.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| getwpfunnels | WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell |
Affected:
0 , ≤ 3.7.9
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0626",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-06T16:45:22.957985Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T16:46:25.948Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WPFunnels \u2013 Funnel Builder for WooCommerce with Checkout \u0026 One Click Upsell",
"vendor": "getwpfunnels",
"versions": [
{
"lessThanOrEqual": "3.7.9",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Paolo Tresso"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WPFunnels \u2013 Easy Funnel Builder To Optimize Buyer Journeys And Get More Leads \u0026 Sales plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u0027wpf_optin_form\u0027 shortcode in all versions up to, and including, 3.7.9 due to insufficient input sanitization and output escaping of the \u0027button_icon\u0027 parameter. This makes it possible for authenticated attackers, with contributor level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:41:23.537Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2130847a-b6c5-412e-8d90-ba42d3fb21f6?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3439366/wpfunnels/trunk/includes/core/shortcodes/templates/optin/form.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-01-05T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2026-01-05T21:55:53.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-04-03T22:13:01.000Z",
"value": "Disclosed"
}
],
"title": "WPFunnels \u003c= 3.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via \u0027wpf_optin_form\u0027 Shortcode"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-0626",
"datePublished": "2026-04-04T11:16:13.764Z",
"dateReserved": "2026-01-05T21:49:40.411Z",
"dateUpdated": "2026-04-08T16:41:23.537Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1258 (GCVE-0-2026-1258)
Vulnerability from nvd – Published: 2026-02-14 08:26 – Updated: 2026-04-08 17:28
VLAI
EPSS
VEX
Title
Mail Mint <= 1.19.2 - Authenticated (Administrator+) SQL Injection via Multiple API Endpoints
Summary
The Mail Mint plugin for WordPress is vulnerable to blind SQL Injection via the 'forms', 'automation', 'email/templates', and 'contacts/import/tutorlms/map' API endpoints in all versions up to, and including, 1.19.2 . This is due to insufficient escaping on the user supplied 'order-by', 'order-type', and 'selectedCourses' parameters and lack of sufficient preparation on the existing SQL queries. This makes it possible for authenticated attackers, with administrator level access and above, to append additional SQL queries into already existing queries.
Severity
4.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| getwpfunnels | Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails |
Affected:
0 , ≤ 1.19.2
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1258",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-17T15:36:23.534985Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T15:44:11.270Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mail Mint \u2013 Email Marketing, Newsletter, Email Automation \u0026 WooCommerce Emails",
"vendor": "getwpfunnels",
"versions": [
{
"lessThanOrEqual": "1.19.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Paolo Tresso"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Mail Mint plugin for WordPress is vulnerable to blind SQL Injection via the \u0027forms\u0027, \u0027automation\u0027, \u0027email/templates\u0027, and \u0027contacts/import/tutorlms/map\u0027 API endpoints in all versions up to, and including, 1.19.2 . This is due to insufficient escaping on the user supplied \u0027order-by\u0027, \u0027order-type\u0027, and \u0027selectedCourses\u0027 parameters and lack of sufficient preparation on the existing SQL queries. This makes it possible for authenticated attackers, with administrator level access and above, to append additional SQL queries into already existing queries."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:28:32.434Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dfb59bca-0653-4e75-8da1-e78e5d659422?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3449536/mail-mint/trunk/app/Database/models/FormModel.php"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3449536/mail-mint/trunk/app/Internal/Automation/Core/DataStore/AutomationStore.php"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3449536/mail-mint/trunk/app/API/Actions/Admin/Email/TemplateAction.php"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3449536/mail-mint/trunk/app/Utilities/Helper/Import.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-01-09T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2026-01-20T20:20:14.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-02-13T19:51:24.000Z",
"value": "Disclosed"
}
],
"title": "Mail Mint \u003c= 1.19.2 - Authenticated (Administrator+) SQL Injection via Multiple API Endpoints"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-1258",
"datePublished": "2026-02-14T08:26:48.193Z",
"dateReserved": "2026-01-20T20:05:01.189Z",
"dateUpdated": "2026-04-08T17:28:32.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1447 (GCVE-0-2026-1447)
Vulnerability from nvd – Published: 2026-02-03 06:38 – Updated: 2026-04-08 17:30
VLAI
EPSS
VEX
Title
Mail Mint <= 1.19.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Summary
The Mail Mint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.19.2. This is due to missing nonce validation on the create_or_update_note function. This makes it possible for unauthenticated attackers to create or update contact notes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Due to missing sanitization and escaping this can lead to stored Cross-Site Scripting.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
6 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| getwpfunnels | Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails |
Affected:
0 , ≤ 1.19.2
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1447",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-03T15:25:58.042790Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-03T15:30:16.163Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mail Mint \u2013 Email Marketing, Newsletter, Email Automation \u0026 WooCommerce Emails",
"vendor": "getwpfunnels",
"versions": [
{
"lessThanOrEqual": "1.19.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bui Van Y"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Mail Mint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.19.2. This is due to missing nonce validation on the create_or_update_note function. This makes it possible for unauthenticated attackers to create or update contact notes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Due to missing sanitization and escaping this can lead to stored Cross-Site Scripting."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:30:11.747Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e67ae204-2848-4389-a78d-7b3798e4ee54?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/mail-mint/trunk/app/API/Routes/Admin/Contact/ContactProfileRoute.php#L105"
},
{
"url": "https://plugins.trac.wordpress.org/browser/mail-mint/tags/1.19.2/app/API/Routes/Admin/Contact/ContactProfileRoute.php#L105"
},
{
"url": "https://plugins.trac.wordpress.org/browser/mail-mint/trunk/app/API/Actions/Admin/Contact/ContactProfileAction.php#L85"
},
{
"url": "https://plugins.trac.wordpress.org/browser/mail-mint/tags/1.19.2/app/API/Actions/Admin/Contact/ContactProfileAction.php#L85"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3449536/mail-mint/trunk/app/API/Actions/Admin/Contact/ContactProfileAction.php?old=3032077\u0026old_path=mail-mint%2Ftrunk%2Fapp%2FAPI%2FActions%2FAdmin%2FContact%2FContactProfileAction.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-01-26T17:16:50.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-02-02T18:07:42.000Z",
"value": "Disclosed"
}
],
"title": "Mail Mint \u003c= 1.19.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-1447",
"datePublished": "2026-02-03T06:38:05.981Z",
"dateReserved": "2026-01-26T17:00:55.043Z",
"dateUpdated": "2026-04-08T17:30:11.747Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15347 (GCVE-0-2025-15347)
Vulnerability from nvd – Published: 2026-01-20 14:26 – Updated: 2026-04-14 15:07
VLAI
EPSS
VEX
Title
Creator LMS – The LMS for Creators, Coaches, and Trainers <= 1.1.12 - Missing Authorization to Authenticated (Contributor+) Arbitrary Options Update
Summary
The Creator LMS – The LMS for Creators, Coaches, and Trainers plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check in the get_items_permissions_check function in all versions up to, and including, 1.1.12. This makes it possible for authenticated attackers, with contributor level access and above, to update arbitrary WordPress options.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| getwpfunnels | Creator LMS – Online Courses and eLearning Plugin |
Affected:
0 , ≤ 1.1.12
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15347",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-20T14:50:10.607501Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T15:07:39.389Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Creator LMS \u2013 Online Courses and eLearning Plugin",
"vendor": "getwpfunnels",
"versions": [
{
"lessThanOrEqual": "1.1.12",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sarawut Poolkhet"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Creator LMS \u2013 The LMS for Creators, Coaches, and Trainers plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check in the get_items_permissions_check function in all versions up to, and including, 1.1.12. This makes it possible for authenticated attackers, with contributor level access and above, to update arbitrary WordPress options."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:51:05.547Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4bddaefc-9ddc-4798-acb6-7b87f7c924a1?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3433193/creatorlms/tags/1.1.13/includes/Rest/V1/SettingsController.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-22T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-12-30T00:07:43.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-01-20T01:48:16.000Z",
"value": "Disclosed"
}
],
"title": "Creator LMS \u2013 The LMS for Creators, Coaches, and Trainers \u003c= 1.1.12 - Missing Authorization to Authenticated (Contributor+) Arbitrary Options Update"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-15347",
"datePublished": "2026-01-20T14:26:33.130Z",
"dateReserved": "2025-12-29T23:50:31.027Z",
"dateUpdated": "2026-04-14T15:07:39.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11967 (GCVE-0-2025-11967)
Vulnerability from nvd – Published: 2025-11-08 09:28 – Updated: 2026-04-08 17:24
VLAI
EPSS
VEX
Title
Mail Mint <= 1.18.10 - Authenticated (Admin+) Arbitrary File Upload
Summary
The Mail Mint plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the process_contact_attribute_import function in all versions up to, and including, 1.18.10. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Severity
7.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| getwpfunnels | Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails |
Affected:
0 , ≤ 1.18.10
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11967",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-10T14:08:05.303014Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T14:13:37.397Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mail Mint \u2013 Email Marketing, Newsletter, Email Automation \u0026 WooCommerce Emails",
"vendor": "getwpfunnels",
"versions": [
{
"lessThanOrEqual": "1.18.10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Le Cong Danh"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Mail Mint plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the process_contact_attribute_import function in all versions up to, and including, 1.18.10. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site\u0027s server which may make remote code execution possible."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:24:41.225Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cf902756-21f3-483b-a5d8-a9b4226bde22?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3389643/mail-mint/tags/1.18.11/app/API/Actions/Admin/Contact/ContactImportAction.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-21T15:27:26.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-11-07T21:08:54.000Z",
"value": "Disclosed"
}
],
"title": "Mail Mint \u003c= 1.18.10 - Authenticated (Admin+) Arbitrary File Upload"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-11967",
"datePublished": "2025-11-08T09:28:11.511Z",
"dateReserved": "2025-10-20T15:11:14.944Z",
"dateUpdated": "2026-04-08T17:24:41.225Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12353 (GCVE-0-2025-12353)
Vulnerability from nvd – Published: 2025-11-08 03:27 – Updated: 2026-04-08 16:51
VLAI
EPSS
VEX
Title
WPFunnels <= 3.6.2 - Unauthorized User Registration
Summary
The WPFunnels – The Easiest Funnel Builder For WordPress And WooCommerce To Collect Leads And Increase Sales plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 3.6.2. This is due to the plugin relying on a user controlled value 'optin_allow_registration' to determine if user registration is allowed, instead of the site-specific setting. This makes it possible for unauthenticated attackers to register new user accounts, even when user registration is disabled.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| getwpfunnels | WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell |
Affected:
0 , ≤ 3.6.2
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12353",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-10T19:55:24.670204Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T19:58:32.337Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WPFunnels \u2013 Funnel Builder for WooCommerce with Checkout \u0026 One Click Upsell",
"vendor": "getwpfunnels",
"versions": [
{
"lessThanOrEqual": "3.6.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ahmed Rayen Ayari"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WPFunnels \u2013 The Easiest Funnel Builder For WordPress And WooCommerce To Collect Leads And Increase Sales plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 3.6.2. This is due to the plugin relying on a user controlled value \u0027optin_allow_registration\u0027 to determine if user registration is allowed, instead of the site-specific setting. This makes it possible for unauthenticated attackers to register new user accounts, even when user registration is disabled."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:51:41.520Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4e376c96-47a8-419f-ab45-f7c46510c767?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3389604/wpfunnels/trunk/public/class-wpfnl-public.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-27T15:28:20.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-11-07T15:06:12.000Z",
"value": "Disclosed"
}
],
"title": "WPFunnels \u003c= 3.6.2 - Unauthorized User Registration"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-12353",
"datePublished": "2025-11-08T03:27:47.222Z",
"dateReserved": "2025-10-27T15:11:29.679Z",
"dateUpdated": "2026-04-08T16:51:41.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12000 (GCVE-0-2025-12000)
Vulnerability from nvd – Published: 2025-11-08 03:27 – Updated: 2026-04-08 17:27
VLAI
EPSS
VEX
Title
WPFunnels <= 3.6.2 - Authenticated (Administrator+) Arbitrary File Deletion via Path Traversal
Summary
The WPFunnels plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wpfnl_delete_log() function in all versions up to, and including, 3.6.2. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| getwpfunnels | WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell |
Affected:
0 , ≤ 3.6.2
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12000",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-10T14:07:26.229752Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T14:14:35.248Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WPFunnels \u2013 Funnel Builder for WooCommerce with Checkout \u0026 One Click Upsell",
"vendor": "getwpfunnels",
"versions": [
{
"lessThanOrEqual": "3.6.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Le Cong Danh"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WPFunnels plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wpfnl_delete_log() function in all versions up to, and including, 3.6.2. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php)."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:27:08.002Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d969eb46-b12a-4a36-9321-bf1479906a5d?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.6.1/admin/modules/settings/class-wpfnl-settings.php#L591"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.6.1/includes/core/logger/class-wpfnl-logger.php#L172"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3389604/wpfunnels/trunk/admin/modules/settings/class-wpfnl-settings.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-21T15:28:43.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-11-07T15:07:46.000Z",
"value": "Disclosed"
}
],
"title": "WPFunnels \u003c= 3.6.2 - Authenticated (Administrator+) Arbitrary File Deletion via Path Traversal"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-12000",
"datePublished": "2025-11-08T03:27:49.707Z",
"dateReserved": "2025-10-20T21:28:29.626Z",
"dateUpdated": "2026-04-08T17:27:08.002Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-10792 (GCVE-0-2024-10792)
Vulnerability from nvd – Published: 2024-11-21 09:32 – Updated: 2026-04-08 17:10
VLAI
EPSS
VEX
Title
Easiest Funnel Builder For WordPress & WooCommerce by WPFunnels <= 3.5.5 - Reflected Cross-Site Scripting
Summary
The Easiest Funnel Builder For WordPress & WooCommerce by WPFunnels plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'post_id' parameter in all versions up to, and including, 3.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This was partially patched in 3.5.4 and fully patched in 3.5.5.
Severity
6.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| getwpfunnels | WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell |
Affected:
0 , ≤ 3.5.5
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10792",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-21T11:28:45.687984Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T11:30:08.071Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WPFunnels \u2013 Funnel Builder for WooCommerce with Checkout \u0026 One Click Upsell",
"vendor": "getwpfunnels",
"versions": [
{
"lessThanOrEqual": "3.5.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nathaniel Oh"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Easiest Funnel Builder For WordPress \u0026 WooCommerce by WPFunnels plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u0027post_id\u0027 parameter in all versions up to, and including, 3.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This was partially patched in 3.5.4 and fully patched in 3.5.5."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:10:39.365Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9846cb0e-fc68-4a1b-a5a5-63116289c369?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpfunnels/trunk/includes/core/widgets/oxygen/elements/optin/template/template-optin.php"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3193046/wpfunnels/trunk/includes/core/widgets/oxygen/elements/optin/template/template-optin.php"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3193046%40wpfunnels\u0026new=3193046%40wpfunnels\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-20T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Easiest Funnel Builder For WordPress \u0026 WooCommerce by WPFunnels \u003c= 3.5.5 - Reflected Cross-Site Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-10792",
"datePublished": "2024-11-21T09:32:49.679Z",
"dateReserved": "2024-11-04T15:12:23.819Z",
"dateUpdated": "2026-04-08T17:10:39.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-27965 (GCVE-0-2024-27965)
Vulnerability from nvd – Published: 2024-03-21 16:38 – Updated: 2026-04-28 16:09
VLAI
EPSS
VEX
Title
WordPress WPFunnels plugin <= 3.0.6 - Cross Site Scripting (XSS) vulnerability
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFunnels WPFunnels wpfunnels.This issue affects WPFunnels: from n/a through <= 3.0.6.
Severity
5.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
| https://patchstack.com/database/vulnerability/wpf… | vdb-entryx_transferred |
Impacted products
Date Public
2026-04-01 16:23
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27965",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-21T18:36:41.835732Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-07T18:38:48.216Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:41:55.824Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/wpfunnels/wordpress-wpfunnels-plugin-3-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wpfunnels",
"product": "WPFunnels",
"vendor": "WPFunnels",
"versions": [
{
"changes": [
{
"at": "3.0.7",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.0.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Team WeBoB | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:23:44.973Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in WPFunnels WPFunnels wpfunnels.\u003cp\u003eThis issue affects WPFunnels: from n/a through \u003c= 3.0.6.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in WPFunnels WPFunnels wpfunnels.This issue affects WPFunnels: from n/a through \u003c= 3.0.6."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:09:14.639Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/wpfunnels/vulnerability/wordpress-wpfunnels-plugin-3-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "WordPress WPFunnels plugin \u003c= 3.0.6 - Cross Site Scripting (XSS) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-27965",
"datePublished": "2024-03-21T16:38:15.646Z",
"dateReserved": "2024-02-28T16:45:55.564Z",
"dateUpdated": "2026-04-28T16:09:14.639Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-37977 (GCVE-0-2023-37977)
Vulnerability from nvd – Published: 2023-07-27 14:16 – Updated: 2026-04-28 16:08
VLAI
EPSS
VEX
Title
WordPress WPFunnels Plugin <= 2.7.16 is vulnerable to Cross Site Scripting (XSS)
Summary
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFunnels Team Drag & Drop Sales Funnel Builder for WordPress – WPFunnels plugin <= 2.7.16 versions.
Severity
7.1 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/wpf… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| WPFunnels Team | Drag & Drop Sales Funnel Builder for WordPress – WPFunnels |
Affected:
n/a , ≤ 2.7.16
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:23:27.881Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/wpfunnels/wordpress-wpfunnels-plugin-2-7-16-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wpfunnels",
"product": "Drag \u0026 Drop Sales Funnel Builder for WordPress \u2013 WPFunnels",
"vendor": "WPFunnels Team",
"versions": [
{
"changes": [
{
"at": "2.7.17",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.7.16",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "LEE SE HYOUNG (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFunnels Team Drag \u0026 Drop Sales Funnel Builder for WordPress \u2013 WPFunnels plugin \u003c=\u003cspan style=\"background-color: var(--wht);\"\u003e\u00a02.7.16 versions.\u003c/span\u003e"
}
],
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFunnels Team Drag \u0026 Drop Sales Funnel Builder for WordPress \u2013 WPFunnels plugin \u003c=\u00a02.7.16 versions."
}
],
"impacts": [
{
"capecId": "CAPEC-591",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-591 Reflected XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:08:32.957Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/wpfunnels/wordpress-wpfunnels-plugin-2-7-16-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to\u00a02.7.17 or a higher version."
}
],
"value": "Update to\u00a02.7.17 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress WPFunnels Plugin \u003c= 2.7.16 is vulnerable to Cross Site Scripting (XSS)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-37977",
"datePublished": "2023-07-27T14:16:11.339Z",
"dateReserved": "2023-07-11T11:35:05.915Z",
"dateUpdated": "2026-04-28T16:08:32.957Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-15103 (GCVE-0-2026-15103)
Vulnerability from cvelistv5 – Published: 2026-07-16 08:26 – Updated: 2026-07-16 15:11
VLAI
EPSS
VEX
Title
WPFunnels <= 3.12.8 - Authenticated (Funnel Manager+) Privilege Escalation via 'group_id' Path Parameter
Summary
The WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell plugin for WordPress is vulnerable to Privilege Escalation via arbitrary option update in all versions up to, and including, 3.12.8. This is due to the `update_settings()` REST callback failing to validate the `group_id` path parameter against an allowlist of permitted option names before passing it directly to `get_option()` and `update_option()`, allowing the built-in `wp_user_roles` option — which satisfies the route's loose `[\w-]+` regex — to be targeted. This makes it possible for authenticated attackers with the `wpf_manage_funnels` capability and above to elevate their privileges to administrator by writing a crafted role definition containing arbitrary capabilities into the `wp_user_roles` option, thereby granting any WordPress role full site administrator access. The `wpf_manage_funnels` capability is typically assigned to the Funnel Manager custom role created by the plugin, meaning this role is the minimum required to exploit the vulnerability.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
6 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| getwpfunnels | WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell |
Affected:
0 , ≤ 3.12.8
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-15103",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-16T13:28:22.085771Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-16T15:11:22.220Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WPFunnels \u2013 Funnel Builder for WooCommerce with Checkout \u0026 One Click Upsell",
"vendor": "getwpfunnels",
"versions": [
{
"lessThanOrEqual": "3.12.8",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "PRISM"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WPFunnels \u2013 Funnel Builder for WooCommerce with Checkout \u0026 One Click Upsell plugin for WordPress is vulnerable to Privilege Escalation via arbitrary option update in all versions up to, and including, 3.12.8. This is due to the `update_settings()` REST callback failing to validate the `group_id` path parameter against an allowlist of permitted option names before passing it directly to `get_option()` and `update_option()`, allowing the built-in `wp_user_roles` option \u2014 which satisfies the route\u0027s loose `[\\w-]+` regex \u2014 to be targeted. This makes it possible for authenticated attackers with the `wpf_manage_funnels` capability and above to elevate their privileges to administrator by writing a crafted role definition containing arbitrary capabilities into the `wp_user_roles` option, thereby granting any WordPress role full site administrator access. The `wpf_manage_funnels` capability is typically assigned to the Funnel Manager custom role created by the plugin, meaning this role is the minimum required to exploit the vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-16T08:26:50.831Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/76ad6d21-f277-496f-aa6b-f9d5cb8a3801?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.12.8/includes/core/rest-api/Controllers/class-settings-controller.php#L462"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.12.8/includes/core/rest-api/Controllers/class-settings-controller.php#L66"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.12.8/includes/core/rest-api/Controllers/class-settings-controller.php#L40"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.12.8/includes/utils/class-wpfnl-functions.php#L1216"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?reponame=\u0026old=3607181%40wpfunnels\u0026new=3607181%40wpfunnels"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-08T17:13:14.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-07-15T20:13:20.000Z",
"value": "Disclosed"
}
],
"title": "WPFunnels \u003c= 3.12.8 - Authenticated (Funnel Manager+) Privilege Escalation via \u0027group_id\u0027 Path Parameter"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-15103",
"datePublished": "2026-07-16T08:26:50.831Z",
"dateReserved": "2026-07-08T16:58:02.760Z",
"dateUpdated": "2026-07-16T15:11:22.220Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12918 (GCVE-0-2026-12918)
Vulnerability from cvelistv5 – Published: 2026-07-10 09:32 – Updated: 2026-07-14 01:39
VLAI
EPSS
VEX
Title
Mail Mint <= 1.24.1 - Authenticated (Administrator+) SQL Injection via 'recipients' Parameter
Summary
The Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to generic SQL Injection via the 'recipients' parameter in all versions up to, and including, 1.24.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This is a second-order SQL injection: the malicious payload is first stored unsanitized via a POST request to /mrm/v1/campaigns/ (bypassing filter_recipients() validation because an int-cast of a string like '1) OR ...' evaluates to a real numeric ID), and is then triggered by a subsequent GET request to /mrm/v1/campaigns/{id} that deserializes the recipients and passes the raw id string through array_column() into the vulnerable query.
Severity
4.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
6 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| getwpfunnels | Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails |
Affected:
0 , ≤ 1.24.1
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-12918",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-14T01:38:02.218291Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T01:39:25.278Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mail Mint \u2013 Email Marketing, Newsletter, Email Automation \u0026 WooCommerce Emails",
"vendor": "getwpfunnels",
"versions": [
{
"lessThanOrEqual": "1.24.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "PRISM"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Mail Mint \u2013 Email Marketing, Newsletter, Email Automation \u0026 WooCommerce Emails plugin for WordPress is vulnerable to generic SQL Injection via the \u0027recipients\u0027 parameter in all versions up to, and including, 1.24.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This is a second-order SQL injection: the malicious payload is first stored unsanitized via a POST request to /mrm/v1/campaigns/ (bypassing filter_recipients() validation because an int-cast of a string like \u00271) OR ...\u0027 evaluates to a real numeric ID), and is then triggered by a subsequent GET request to /mrm/v1/campaigns/{id} that deserializes the recipients and passes the raw id string through array_column() into the vulnerable query."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-10T09:32:44.736Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bf7c500e-311f-4db5-8a54-de7b02fb11dd?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/mail-mint/tags/1.24.1/app/Database/models/ContactGroupPivotModel.php#L130"
},
{
"url": "https://plugins.trac.wordpress.org/browser/mail-mint/tags/1.24.1/app/MrmCommon.php#L1197"
},
{
"url": "https://plugins.trac.wordpress.org/browser/mail-mint/tags/1.24.1/app/API/Controllers/Admin/CampaignController.php#L304"
},
{
"url": "https://plugins.trac.wordpress.org/browser/mail-mint/tags/1.24.1/app/API/Controllers/Admin/CampaignController.php#L1088"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?reponame=\u0026old=3592458%40mail-mint\u0026new=3592458%40mail-mint"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-22T16:46:06.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-07-09T20:55:55.000Z",
"value": "Disclosed"
}
],
"title": "Mail Mint \u003c= 1.24.1 - Authenticated (Administrator+) SQL Injection via \u0027recipients\u0027 Parameter"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-12918",
"datePublished": "2026-07-10T09:32:44.736Z",
"dateReserved": "2026-06-22T16:30:56.786Z",
"dateUpdated": "2026-07-14T01:39:25.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-14342 (GCVE-0-2026-14342)
Vulnerability from cvelistv5 – Published: 2026-07-09 07:55 – Updated: 2026-07-09 12:46
VLAI
EPSS
VEX
Title
Mail Mint <= 1.24.2 - Authenticated (Administrator+) SQL Injection via 'contact_ids' Parameter
Summary
The Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to time-based SQL Injection via the 'contact_ids' parameter in all versions up to, and including, 1.24.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Severity
4.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| getwpfunnels | Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails |
Affected:
0 , ≤ 1.24.2
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-14342",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T12:46:33.376914Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T12:46:41.326Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mail Mint \u2013 Email Marketing, Newsletter, Email Automation \u0026 WooCommerce Emails",
"vendor": "getwpfunnels",
"versions": [
{
"lessThanOrEqual": "1.24.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "PRISM"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Mail Mint \u2013 Email Marketing, Newsletter, Email Automation \u0026 WooCommerce Emails plugin for WordPress is vulnerable to time-based SQL Injection via the \u0027contact_ids\u0027 parameter in all versions up to, and including, 1.24.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T07:55:14.853Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fd75e795-54b8-4b9a-9417-9f707215ebfa?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/mail-mint/trunk/app/Database/Models/ContactModel.php#L1159"
},
{
"url": "https://plugins.trac.wordpress.org/browser/mail-mint/trunk/app/API/Controllers/Admin/ContactController.php#L1049"
},
{
"url": "https://plugins.trac.wordpress.org/browser/mail-mint/trunk/app/API/Routes/Admin/ContactRoute.php#L475"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?reponame=\u0026old=3597255%40mail-mint\u0026new=3597255%40mail-mint"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-01T14:37:45.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-07-08T19:35:45.000Z",
"value": "Disclosed"
}
],
"title": "Mail Mint \u003c= 1.24.2 - Authenticated (Administrator+) SQL Injection via \u0027contact_ids\u0027 Parameter"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-14342",
"datePublished": "2026-07-09T07:55:14.853Z",
"dateReserved": "2026-07-01T14:22:37.127Z",
"dateUpdated": "2026-07-09T12:46:41.326Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-13080 (GCVE-0-2026-13080)
Vulnerability from cvelistv5 – Published: 2026-07-09 06:52 – Updated: 2026-07-09 12:47
VLAI
EPSS
VEX
Title
WPFunnels <= 3.12.7 - Authenticated (Administrator+) Local File Inclusion via 'logKey' Parameter
Summary
The WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.12.7 via the 'logKey' parameter parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included.
Severity
6.6 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Assigner
References
10 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| getwpfunnels | WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell |
Affected:
0 , ≤ 3.12.7
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-13080",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T12:47:13.079038Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T12:47:19.785Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WPFunnels \u2013 Funnel Builder for WooCommerce with Checkout \u0026 One Click Upsell",
"vendor": "getwpfunnels",
"versions": [
{
"lessThanOrEqual": "3.12.7",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Danh Dao (IAmNewbie)"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WPFunnels \u2013 Funnel Builder for WooCommerce with Checkout \u0026 One Click Upsell plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.12.7 via the \u0027logKey\u0027 parameter parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-98",
"description": "CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T06:52:50.904Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e48ce7d2-0c57-499a-81b6-2d9488de704c?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.12.6/admin/modules/settings/class-wpfnl-settings.php#L709"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.12.6/admin/modules/settings/class-wpfnl-settings.php#L703"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.12.6/admin/modules/settings/class-wpfnl-settings.php#L181"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.12.6/vendor/philipnewcomer/wp-ajax-helper/src/components/Utility.php#L26"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.11.0/admin/modules/settings/class-wpfnl-settings.php#L709"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.11.0/admin/modules/settings/class-wpfnl-settings.php#L703"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.11.0/admin/modules/settings/class-wpfnl-settings.php#L181"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.11.0/vendor/philipnewcomer/wp-ajax-helper/src/components/Utility.php#L26"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?reponame=\u0026old=3597260%40wpfunnels\u0026new=3597260%40wpfunnels"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-23T18:23:42.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-07-08T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "WPFunnels \u003c= 3.12.7 - Authenticated (Administrator+) Local File Inclusion via \u0027logKey\u0027 Parameter"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-13080",
"datePublished": "2026-07-09T06:52:50.904Z",
"dateReserved": "2026-06-23T18:08:34.576Z",
"dateUpdated": "2026-07-09T12:47:19.785Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-14345 (GCVE-0-2026-14345)
Vulnerability from cvelistv5 – Published: 2026-07-07 05:34 – Updated: 2026-07-08 17:11
VLAI
EPSS
VEX
Title
WPFunnels <= 3.12.7 - Unauthenticated Remote Code Execution via 'postData' Parameter
Summary
The WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.12.7 via the 'postData' parameter parameter. This is due to unsanitized write of attacker-controlled postData values into a PHP-includeable .log file combined with the use of include_once to render that file in wpfnl_show_log. This makes it possible for unauthenticated attackers to execute code on the server. Exploitation requires that the Log Settings "Enable Logs" toggle is on and that an administrator subsequently opens the polluted log file via the plugin's Log Settings View UI; however, the nonce required to reach the optin endpoint is publicly emitted on every funnel step page, so the injection step itself is fully unauthenticated.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
11 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| getwpfunnels | WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell |
Affected:
0 , ≤ 3.12.7
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-14345",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-08T13:52:57.720625Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T17:11:20.954Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WPFunnels \u2013 Funnel Builder for WooCommerce with Checkout \u0026 One Click Upsell",
"vendor": "getwpfunnels",
"versions": [
{
"lessThanOrEqual": "3.12.7",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "thevietronin"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WPFunnels \u2013 Funnel Builder for WooCommerce with Checkout \u0026 One Click Upsell plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.12.7 via the \u0027postData\u0027 parameter parameter. This is due to unsanitized write of attacker-controlled postData values into a PHP-includeable .log file combined with the use of include_once to render that file in wpfnl_show_log. This makes it possible for unauthenticated attackers to execute code on the server. Exploitation requires that the Log Settings \"Enable Logs\" toggle is on and that an administrator subsequently opens the polluted log file via the plugin\u0027s Log Settings View UI; however, the nonce required to reach the optin endpoint is publicly emitted on every funnel step page, so the injection step itself is fully unauthenticated."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-07T05:34:19.628Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5d84d749-0ab5-49dd-8e4f-45681f197742?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.12.7/admin/modules/settings/class-wpfnl-settings.php#L709"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.12.7/public/class-wpfnl-public.php#L1185"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.12.7/includes/core/classes/class-wpfnl-ajax-handler.php#L523"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.12.7/includes/core/classes/class-wpfnl-ajax-handler.php#L39"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.12.5/admin/modules/settings/class-wpfnl-settings.php#L709"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.12.5/public/class-wpfnl-public.php#L1185"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.12.5/includes/core/classes/class-wpfnl-ajax-handler.php#L523"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.12.5/includes/core/classes/class-wpfnl-ajax-handler.php#L39"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3597260/wpfunnels/trunk/admin/modules/settings/class-wpfnl-settings.php"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fwpfunnels/tags/3.12.7\u0026new_path=%2Fwpfunnels/tags/3.12.8"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-01T15:48:37.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-07-06T16:35:34.000Z",
"value": "Disclosed"
}
],
"title": "WPFunnels \u003c= 3.12.7 - Unauthenticated Remote Code Execution via \u0027postData\u0027 Parameter"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-14345",
"datePublished": "2026-07-07T05:34:19.628Z",
"dateReserved": "2026-07-01T15:32:02.804Z",
"dateUpdated": "2026-07-08T17:11:20.954Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0626 (GCVE-0-2026-0626)
Vulnerability from cvelistv5 – Published: 2026-04-04 11:16 – Updated: 2026-04-08 16:41
VLAI
EPSS
VEX
Title
WPFunnels <= 3.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpf_optin_form' Shortcode
Summary
The WPFunnels – Easy Funnel Builder To Optimize Buyer Journeys And Get More Leads & Sales plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpf_optin_form' shortcode in all versions up to, and including, 3.7.9 due to insufficient input sanitization and output escaping of the 'button_icon' parameter. This makes it possible for authenticated attackers, with contributor level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity
6.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| getwpfunnels | WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell |
Affected:
0 , ≤ 3.7.9
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0626",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-06T16:45:22.957985Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T16:46:25.948Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WPFunnels \u2013 Funnel Builder for WooCommerce with Checkout \u0026 One Click Upsell",
"vendor": "getwpfunnels",
"versions": [
{
"lessThanOrEqual": "3.7.9",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Paolo Tresso"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WPFunnels \u2013 Easy Funnel Builder To Optimize Buyer Journeys And Get More Leads \u0026 Sales plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u0027wpf_optin_form\u0027 shortcode in all versions up to, and including, 3.7.9 due to insufficient input sanitization and output escaping of the \u0027button_icon\u0027 parameter. This makes it possible for authenticated attackers, with contributor level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:41:23.537Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2130847a-b6c5-412e-8d90-ba42d3fb21f6?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3439366/wpfunnels/trunk/includes/core/shortcodes/templates/optin/form.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-01-05T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2026-01-05T21:55:53.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-04-03T22:13:01.000Z",
"value": "Disclosed"
}
],
"title": "WPFunnels \u003c= 3.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via \u0027wpf_optin_form\u0027 Shortcode"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-0626",
"datePublished": "2026-04-04T11:16:13.764Z",
"dateReserved": "2026-01-05T21:49:40.411Z",
"dateUpdated": "2026-04-08T16:41:23.537Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1258 (GCVE-0-2026-1258)
Vulnerability from cvelistv5 – Published: 2026-02-14 08:26 – Updated: 2026-04-08 17:28
VLAI
EPSS
VEX
Title
Mail Mint <= 1.19.2 - Authenticated (Administrator+) SQL Injection via Multiple API Endpoints
Summary
The Mail Mint plugin for WordPress is vulnerable to blind SQL Injection via the 'forms', 'automation', 'email/templates', and 'contacts/import/tutorlms/map' API endpoints in all versions up to, and including, 1.19.2 . This is due to insufficient escaping on the user supplied 'order-by', 'order-type', and 'selectedCourses' parameters and lack of sufficient preparation on the existing SQL queries. This makes it possible for authenticated attackers, with administrator level access and above, to append additional SQL queries into already existing queries.
Severity
4.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| getwpfunnels | Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails |
Affected:
0 , ≤ 1.19.2
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1258",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-17T15:36:23.534985Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T15:44:11.270Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mail Mint \u2013 Email Marketing, Newsletter, Email Automation \u0026 WooCommerce Emails",
"vendor": "getwpfunnels",
"versions": [
{
"lessThanOrEqual": "1.19.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Paolo Tresso"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Mail Mint plugin for WordPress is vulnerable to blind SQL Injection via the \u0027forms\u0027, \u0027automation\u0027, \u0027email/templates\u0027, and \u0027contacts/import/tutorlms/map\u0027 API endpoints in all versions up to, and including, 1.19.2 . This is due to insufficient escaping on the user supplied \u0027order-by\u0027, \u0027order-type\u0027, and \u0027selectedCourses\u0027 parameters and lack of sufficient preparation on the existing SQL queries. This makes it possible for authenticated attackers, with administrator level access and above, to append additional SQL queries into already existing queries."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:28:32.434Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dfb59bca-0653-4e75-8da1-e78e5d659422?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3449536/mail-mint/trunk/app/Database/models/FormModel.php"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3449536/mail-mint/trunk/app/Internal/Automation/Core/DataStore/AutomationStore.php"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3449536/mail-mint/trunk/app/API/Actions/Admin/Email/TemplateAction.php"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3449536/mail-mint/trunk/app/Utilities/Helper/Import.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-01-09T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2026-01-20T20:20:14.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-02-13T19:51:24.000Z",
"value": "Disclosed"
}
],
"title": "Mail Mint \u003c= 1.19.2 - Authenticated (Administrator+) SQL Injection via Multiple API Endpoints"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-1258",
"datePublished": "2026-02-14T08:26:48.193Z",
"dateReserved": "2026-01-20T20:05:01.189Z",
"dateUpdated": "2026-04-08T17:28:32.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1447 (GCVE-0-2026-1447)
Vulnerability from cvelistv5 – Published: 2026-02-03 06:38 – Updated: 2026-04-08 17:30
VLAI
EPSS
VEX
Title
Mail Mint <= 1.19.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Summary
The Mail Mint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.19.2. This is due to missing nonce validation on the create_or_update_note function. This makes it possible for unauthenticated attackers to create or update contact notes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Due to missing sanitization and escaping this can lead to stored Cross-Site Scripting.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
6 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| getwpfunnels | Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails |
Affected:
0 , ≤ 1.19.2
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1447",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-03T15:25:58.042790Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-03T15:30:16.163Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mail Mint \u2013 Email Marketing, Newsletter, Email Automation \u0026 WooCommerce Emails",
"vendor": "getwpfunnels",
"versions": [
{
"lessThanOrEqual": "1.19.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bui Van Y"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Mail Mint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.19.2. This is due to missing nonce validation on the create_or_update_note function. This makes it possible for unauthenticated attackers to create or update contact notes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Due to missing sanitization and escaping this can lead to stored Cross-Site Scripting."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:30:11.747Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e67ae204-2848-4389-a78d-7b3798e4ee54?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/mail-mint/trunk/app/API/Routes/Admin/Contact/ContactProfileRoute.php#L105"
},
{
"url": "https://plugins.trac.wordpress.org/browser/mail-mint/tags/1.19.2/app/API/Routes/Admin/Contact/ContactProfileRoute.php#L105"
},
{
"url": "https://plugins.trac.wordpress.org/browser/mail-mint/trunk/app/API/Actions/Admin/Contact/ContactProfileAction.php#L85"
},
{
"url": "https://plugins.trac.wordpress.org/browser/mail-mint/tags/1.19.2/app/API/Actions/Admin/Contact/ContactProfileAction.php#L85"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3449536/mail-mint/trunk/app/API/Actions/Admin/Contact/ContactProfileAction.php?old=3032077\u0026old_path=mail-mint%2Ftrunk%2Fapp%2FAPI%2FActions%2FAdmin%2FContact%2FContactProfileAction.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-01-26T17:16:50.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-02-02T18:07:42.000Z",
"value": "Disclosed"
}
],
"title": "Mail Mint \u003c= 1.19.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-1447",
"datePublished": "2026-02-03T06:38:05.981Z",
"dateReserved": "2026-01-26T17:00:55.043Z",
"dateUpdated": "2026-04-08T17:30:11.747Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15347 (GCVE-0-2025-15347)
Vulnerability from cvelistv5 – Published: 2026-01-20 14:26 – Updated: 2026-04-14 15:07
VLAI
EPSS
VEX
Title
Creator LMS – The LMS for Creators, Coaches, and Trainers <= 1.1.12 - Missing Authorization to Authenticated (Contributor+) Arbitrary Options Update
Summary
The Creator LMS – The LMS for Creators, Coaches, and Trainers plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check in the get_items_permissions_check function in all versions up to, and including, 1.1.12. This makes it possible for authenticated attackers, with contributor level access and above, to update arbitrary WordPress options.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| getwpfunnels | Creator LMS – Online Courses and eLearning Plugin |
Affected:
0 , ≤ 1.1.12
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15347",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-20T14:50:10.607501Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T15:07:39.389Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Creator LMS \u2013 Online Courses and eLearning Plugin",
"vendor": "getwpfunnels",
"versions": [
{
"lessThanOrEqual": "1.1.12",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sarawut Poolkhet"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Creator LMS \u2013 The LMS for Creators, Coaches, and Trainers plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check in the get_items_permissions_check function in all versions up to, and including, 1.1.12. This makes it possible for authenticated attackers, with contributor level access and above, to update arbitrary WordPress options."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:51:05.547Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4bddaefc-9ddc-4798-acb6-7b87f7c924a1?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3433193/creatorlms/tags/1.1.13/includes/Rest/V1/SettingsController.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-22T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-12-30T00:07:43.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-01-20T01:48:16.000Z",
"value": "Disclosed"
}
],
"title": "Creator LMS \u2013 The LMS for Creators, Coaches, and Trainers \u003c= 1.1.12 - Missing Authorization to Authenticated (Contributor+) Arbitrary Options Update"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-15347",
"datePublished": "2026-01-20T14:26:33.130Z",
"dateReserved": "2025-12-29T23:50:31.027Z",
"dateUpdated": "2026-04-14T15:07:39.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11967 (GCVE-0-2025-11967)
Vulnerability from cvelistv5 – Published: 2025-11-08 09:28 – Updated: 2026-04-08 17:24
VLAI
EPSS
VEX
Title
Mail Mint <= 1.18.10 - Authenticated (Admin+) Arbitrary File Upload
Summary
The Mail Mint plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the process_contact_attribute_import function in all versions up to, and including, 1.18.10. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Severity
7.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| getwpfunnels | Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails |
Affected:
0 , ≤ 1.18.10
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11967",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-10T14:08:05.303014Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T14:13:37.397Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mail Mint \u2013 Email Marketing, Newsletter, Email Automation \u0026 WooCommerce Emails",
"vendor": "getwpfunnels",
"versions": [
{
"lessThanOrEqual": "1.18.10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Le Cong Danh"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Mail Mint plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the process_contact_attribute_import function in all versions up to, and including, 1.18.10. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site\u0027s server which may make remote code execution possible."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:24:41.225Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cf902756-21f3-483b-a5d8-a9b4226bde22?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3389643/mail-mint/tags/1.18.11/app/API/Actions/Admin/Contact/ContactImportAction.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-21T15:27:26.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-11-07T21:08:54.000Z",
"value": "Disclosed"
}
],
"title": "Mail Mint \u003c= 1.18.10 - Authenticated (Admin+) Arbitrary File Upload"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-11967",
"datePublished": "2025-11-08T09:28:11.511Z",
"dateReserved": "2025-10-20T15:11:14.944Z",
"dateUpdated": "2026-04-08T17:24:41.225Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12000 (GCVE-0-2025-12000)
Vulnerability from cvelistv5 – Published: 2025-11-08 03:27 – Updated: 2026-04-08 17:27
VLAI
EPSS
VEX
Title
WPFunnels <= 3.6.2 - Authenticated (Administrator+) Arbitrary File Deletion via Path Traversal
Summary
The WPFunnels plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wpfnl_delete_log() function in all versions up to, and including, 3.6.2. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| getwpfunnels | WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell |
Affected:
0 , ≤ 3.6.2
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12000",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-10T14:07:26.229752Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T14:14:35.248Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WPFunnels \u2013 Funnel Builder for WooCommerce with Checkout \u0026 One Click Upsell",
"vendor": "getwpfunnels",
"versions": [
{
"lessThanOrEqual": "3.6.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Le Cong Danh"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WPFunnels plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wpfnl_delete_log() function in all versions up to, and including, 3.6.2. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php)."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:27:08.002Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d969eb46-b12a-4a36-9321-bf1479906a5d?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.6.1/admin/modules/settings/class-wpfnl-settings.php#L591"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.6.1/includes/core/logger/class-wpfnl-logger.php#L172"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3389604/wpfunnels/trunk/admin/modules/settings/class-wpfnl-settings.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-21T15:28:43.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-11-07T15:07:46.000Z",
"value": "Disclosed"
}
],
"title": "WPFunnels \u003c= 3.6.2 - Authenticated (Administrator+) Arbitrary File Deletion via Path Traversal"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-12000",
"datePublished": "2025-11-08T03:27:49.707Z",
"dateReserved": "2025-10-20T21:28:29.626Z",
"dateUpdated": "2026-04-08T17:27:08.002Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12353 (GCVE-0-2025-12353)
Vulnerability from cvelistv5 – Published: 2025-11-08 03:27 – Updated: 2026-04-08 16:51
VLAI
EPSS
VEX
Title
WPFunnels <= 3.6.2 - Unauthorized User Registration
Summary
The WPFunnels – The Easiest Funnel Builder For WordPress And WooCommerce To Collect Leads And Increase Sales plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 3.6.2. This is due to the plugin relying on a user controlled value 'optin_allow_registration' to determine if user registration is allowed, instead of the site-specific setting. This makes it possible for unauthenticated attackers to register new user accounts, even when user registration is disabled.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| getwpfunnels | WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell |
Affected:
0 , ≤ 3.6.2
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12353",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-10T19:55:24.670204Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T19:58:32.337Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WPFunnels \u2013 Funnel Builder for WooCommerce with Checkout \u0026 One Click Upsell",
"vendor": "getwpfunnels",
"versions": [
{
"lessThanOrEqual": "3.6.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ahmed Rayen Ayari"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WPFunnels \u2013 The Easiest Funnel Builder For WordPress And WooCommerce To Collect Leads And Increase Sales plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 3.6.2. This is due to the plugin relying on a user controlled value \u0027optin_allow_registration\u0027 to determine if user registration is allowed, instead of the site-specific setting. This makes it possible for unauthenticated attackers to register new user accounts, even when user registration is disabled."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:51:41.520Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4e376c96-47a8-419f-ab45-f7c46510c767?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3389604/wpfunnels/trunk/public/class-wpfnl-public.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-27T15:28:20.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-11-07T15:06:12.000Z",
"value": "Disclosed"
}
],
"title": "WPFunnels \u003c= 3.6.2 - Unauthorized User Registration"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-12353",
"datePublished": "2025-11-08T03:27:47.222Z",
"dateReserved": "2025-10-27T15:11:29.679Z",
"dateUpdated": "2026-04-08T16:51:41.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-10792 (GCVE-0-2024-10792)
Vulnerability from cvelistv5 – Published: 2024-11-21 09:32 – Updated: 2026-04-08 17:10
VLAI
EPSS
VEX
Title
Easiest Funnel Builder For WordPress & WooCommerce by WPFunnels <= 3.5.5 - Reflected Cross-Site Scripting
Summary
The Easiest Funnel Builder For WordPress & WooCommerce by WPFunnels plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'post_id' parameter in all versions up to, and including, 3.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This was partially patched in 3.5.4 and fully patched in 3.5.5.
Severity
6.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| getwpfunnels | WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell |
Affected:
0 , ≤ 3.5.5
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10792",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-21T11:28:45.687984Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T11:30:08.071Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WPFunnels \u2013 Funnel Builder for WooCommerce with Checkout \u0026 One Click Upsell",
"vendor": "getwpfunnels",
"versions": [
{
"lessThanOrEqual": "3.5.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nathaniel Oh"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Easiest Funnel Builder For WordPress \u0026 WooCommerce by WPFunnels plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u0027post_id\u0027 parameter in all versions up to, and including, 3.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This was partially patched in 3.5.4 and fully patched in 3.5.5."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:10:39.365Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9846cb0e-fc68-4a1b-a5a5-63116289c369?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpfunnels/trunk/includes/core/widgets/oxygen/elements/optin/template/template-optin.php"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3193046/wpfunnels/trunk/includes/core/widgets/oxygen/elements/optin/template/template-optin.php"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3193046%40wpfunnels\u0026new=3193046%40wpfunnels\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-20T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Easiest Funnel Builder For WordPress \u0026 WooCommerce by WPFunnels \u003c= 3.5.5 - Reflected Cross-Site Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-10792",
"datePublished": "2024-11-21T09:32:49.679Z",
"dateReserved": "2024-11-04T15:12:23.819Z",
"dateUpdated": "2026-04-08T17:10:39.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-27965 (GCVE-0-2024-27965)
Vulnerability from cvelistv5 – Published: 2024-03-21 16:38 – Updated: 2026-04-28 16:09
VLAI
EPSS
VEX
Title
WordPress WPFunnels plugin <= 3.0.6 - Cross Site Scripting (XSS) vulnerability
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFunnels WPFunnels wpfunnels.This issue affects WPFunnels: from n/a through <= 3.0.6.
Severity
5.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
| https://patchstack.com/database/vulnerability/wpf… | vdb-entryx_transferred |
Impacted products
Date Public
2026-04-01 16:23
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27965",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-21T18:36:41.835732Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-07T18:38:48.216Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:41:55.824Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/wpfunnels/wordpress-wpfunnels-plugin-3-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wpfunnels",
"product": "WPFunnels",
"vendor": "WPFunnels",
"versions": [
{
"changes": [
{
"at": "3.0.7",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.0.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Team WeBoB | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:23:44.973Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in WPFunnels WPFunnels wpfunnels.\u003cp\u003eThis issue affects WPFunnels: from n/a through \u003c= 3.0.6.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in WPFunnels WPFunnels wpfunnels.This issue affects WPFunnels: from n/a through \u003c= 3.0.6."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:09:14.639Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/wpfunnels/vulnerability/wordpress-wpfunnels-plugin-3-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "WordPress WPFunnels plugin \u003c= 3.0.6 - Cross Site Scripting (XSS) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-27965",
"datePublished": "2024-03-21T16:38:15.646Z",
"dateReserved": "2024-02-28T16:45:55.564Z",
"dateUpdated": "2026-04-28T16:09:14.639Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-37977 (GCVE-0-2023-37977)
Vulnerability from cvelistv5 – Published: 2023-07-27 14:16 – Updated: 2026-04-28 16:08
VLAI
EPSS
VEX
Title
WordPress WPFunnels Plugin <= 2.7.16 is vulnerable to Cross Site Scripting (XSS)
Summary
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFunnels Team Drag & Drop Sales Funnel Builder for WordPress – WPFunnels plugin <= 2.7.16 versions.
Severity
7.1 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/wpf… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| WPFunnels Team | Drag & Drop Sales Funnel Builder for WordPress – WPFunnels |
Affected:
n/a , ≤ 2.7.16
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:23:27.881Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/wpfunnels/wordpress-wpfunnels-plugin-2-7-16-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wpfunnels",
"product": "Drag \u0026 Drop Sales Funnel Builder for WordPress \u2013 WPFunnels",
"vendor": "WPFunnels Team",
"versions": [
{
"changes": [
{
"at": "2.7.17",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.7.16",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "LEE SE HYOUNG (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFunnels Team Drag \u0026 Drop Sales Funnel Builder for WordPress \u2013 WPFunnels plugin \u003c=\u003cspan style=\"background-color: var(--wht);\"\u003e\u00a02.7.16 versions.\u003c/span\u003e"
}
],
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFunnels Team Drag \u0026 Drop Sales Funnel Builder for WordPress \u2013 WPFunnels plugin \u003c=\u00a02.7.16 versions."
}
],
"impacts": [
{
"capecId": "CAPEC-591",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-591 Reflected XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:08:32.957Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/wpfunnels/wordpress-wpfunnels-plugin-2-7-16-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to\u00a02.7.17 or a higher version."
}
],
"value": "Update to\u00a02.7.17 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress WPFunnels Plugin \u003c= 2.7.16 is vulnerable to Cross Site Scripting (XSS)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-37977",
"datePublished": "2023-07-27T14:16:11.339Z",
"dateReserved": "2023-07-11T11:35:05.915Z",
"dateUpdated": "2026-04-28T16:08:32.957Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}