Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

WPFunnels — Vulnerabilities & Security Advisories 10

Browse all 10 CVE security advisories affecting WPFunnels. AI-powered Chinese analysis, POCs, and references for each vulnerability.

WPFunnels is a WordPress funnel builder plugin designed to create sales funnels and landing pages. Historically, it has been vulnerable to multiple security issues including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. The plugin has accumulated 10 CVEs to date, with several critical flaws allowing attackers to execute arbitrary code or compromise site integrity. Notable characteristics include insufficient input validation and improper access controls in its form builder and funnel management features. Security researchers have consistently identified vulnerabilities in its shortcode processing and AJAX handlers, making it a recurring target for exploitation.

Top products by WPFunnels: WPFunnels Mail Mint Creator LMS
CVE IDTitleCVSSSeverityPublished
CVE-2026-32530 WordPress Creator LMS plugin <= 1.1.18 - Privilege Escalation vulnerability — Creator LMSCWE-266 8.8 High2026-03-25
CVE-2026-23541 WordPress Mail Mint plugin <= 1.19.4 - Broken Access Control vulnerability — Mail MintCWE-862 7.5 High2026-02-19
CVE-2025-69359 WordPress Creator LMS plugin <= 1.1.12 - Broken Access Control vulnerability — Creator LMSCWE-862 5.3 Medium2026-01-06
CVE-2025-67571 WordPress WPFunnels plugin <= 3.6.2 - Broken Access Control vulnerability — WPFunnelsCWE-862 5.3 Medium2025-12-09
CVE-2025-59570 WordPress Mail Mint Plugin <= 1.18.6 - SQL Injection Vulnerability — Mail MintCWE-89 7.6 High2025-09-22
CVE-2025-58604 WordPress Mail Mint Plugin <= 1.18.5 - SQL Injection Vulnerability — Mail MintCWE-89 7.6 High2025-09-03
CVE-2025-54696 WordPress WPFunnels plugin <= 3.5.26 - Cross Site Scripting (XSS) vulnerability — WPFunnelsCWE-79 6.5 Medium2025-08-14
CVE-2025-47530 WordPress WPFunnels plugin <= 3.5.18 - PHP Object Injection Vulnerability — WPFunnelsCWE-502 9.8 Critical2025-05-23
CVE-2025-47541 WordPress Mail Mint plugin <= 1.17.7 - Sensitive Data Exposure Vulnerability — Mail MintCWE-201 7.5 High2025-05-23
CVE-2024-27965 WordPress WPFunnels plugin <= 3.0.6 - Cross Site Scripting (XSS) vulnerability — WPFunnelsCWE-79 5.9 Medium2024-03-21

This page lists every published CVE security advisory associated with WPFunnels. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.