Browse all 17 CVE security advisories affecting funnelforms. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Funnelforms serves as a WordPress plugin for creating sales funnels and lead generation forms. Historically, it has been vulnerable to multiple security issues including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. The plugin has accumulated 17 CVEs, indicating consistent security challenges. Notable incidents include multiple RCE flaws allowing attackers to execute arbitrary code on affected servers, and XSS vulnerabilities enabling malicious script injection. These issues often stem from insufficient input validation and improper access controls. The plugin's extensive functionality and integration with WordPress make it a target for exploitation, requiring users to maintain strict update practices to mitigate risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-62758 | WordPress Funnelforms Free plugin <= 3.8 - Cross Site Scripting (XSS) vulnerability — Funnelforms FreeCWE-79 | 6.5 | Medium | 2025-12-31 |
| CVE-2025-68582 | WordPress Funnelforms Free plugin <= 3.8 - Broken Access Control vulnerability — Funnelforms FreeCWE-862 | 5.3 | Medium | 2025-12-24 |
| CVE-2024-10587 | Funnelforms Free <= 3.7.5.1 - Authenticated (Contributor+) PHP Object Injection — Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms FreeCWE-502 | 8.8 | High | 2024-12-04 |
| CVE-2024-5857 | Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free <= 3.7.3.2 - Missing Authorization to Unauthenticated Arbitrary Media Deletion — Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms FreeCWE-862 | 5.3 | Medium | 2024-08-29 |
| CVE-2024-7447 | Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free <= 3.7.3.2 - Missing Authorization to Unauthenticated Arbitrary Media Upload — Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms FreeCWE-862 | 5.3 | Medium | 2024-08-28 |
| CVE-2024-6311 | Funnelforms Free <= 3.7.3.2 - Authenticated (Administrator+) Arbitrary File Upload — Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms FreeCWE-434 | 7.2 | High | 2024-08-28 |
| CVE-2024-6312 | Funnelforms Free <= 3.7.3.2 - Authenticated (Administrator+) Arbitrary File Deletion — Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms FreeCWE-22 | 6.5 | Medium | 2024-08-28 |
| CVE-2023-5385 | Funnelforms Free <= 3.4 - Missing Authorization to Arbitrary Post Duplication — Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms FreeCWE-862 | 4.3 | Medium | 2023-11-22 |
| CVE-2023-5383 | Funnelforms Free <= 3.4 - Cross-Site Request Forgery to Arbitrary Post Duplication — Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms FreeCWE-352 | 4.3 | Medium | 2023-11-22 |
| CVE-2023-5387 | Funnelforms Free <= 3.4 - Missing Authorization to Enable/Disable Dark Mode — Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms FreeCWE-862 | 4.3 | Medium | 2023-11-22 |
| CVE-2023-5416 | Funnelforms Free <= 3.4 - Missing Authorization to Category Deletion — Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms FreeCWE-862 | 4.3 | Medium | 2023-11-22 |
| CVE-2023-5411 | Funnelforms Free <= 3.4 - Missing Authorization to Post Modification — Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms FreeCWE-862 | 4.3 | Medium | 2023-11-22 |
| CVE-2023-5382 | Funnelforms Free <= 3.4 - Cross-Site Request Forgery to Arbitrary Post Deletion — Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms FreeCWE-352 | 6.5 | Medium | 2023-11-22 |
| CVE-2023-5415 | Funnelforms Free <= 3.4 - Missing Authorization to New Category Creation — Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms FreeCWE-862 | 4.3 | Medium | 2023-11-22 |
| CVE-2023-5419 | Funnelforms Free <= 3.4 - Missing Authorization to Test Email Sending — Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms FreeCWE-862 | 4.3 | Medium | 2023-11-22 |
| CVE-2023-5386 | Funnelforms Free <= 3.4 - Missing Authorization to Arbitrary Post Deletion — Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms FreeCWE-862 | 6.5 | Medium | 2023-11-22 |
| CVE-2023-5417 | Funnelforms Free <= 3.4 - Missing Authorization to Category Update — Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms FreeCWE-862 | 4.3 | Medium | 2023-11-22 |
This page lists every published CVE security advisory associated with funnelforms. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.