Browse all 17 CVE security advisories affecting funnelforms. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Funnelforms is a WordPress plugin for creating sales funnels and lead generation forms. Historically, it has been vulnerable to multiple security issues, including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. The plugin has accumulated 17 CVEs, indicating consistent security challenges. Notable incidents include multiple RCE flaws allowing attackers to execute arbitrary code on affected servers, and XSS vulnerabilities enabling malicious script injection. These issues often stem from insufficient input validation and improper access controls. The plugin's extensive functionality and integration with WordPress make it a target for exploitation, requiring users to maintain strict update practices to mitigate risks.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-62758 | WordPress Funnelforms Free plugin <= 3.8 - Cross Site Scripting (XSS) vulnerability — Funnelforms Free (CWE-79) | 6.5 | Medium | 2025-12-31 |
| CVE-2025-68582 | WordPress Funnelforms Free plugin <= 3.8 - Broken Access Control vulnerability — Funnelforms Free (CWE-862) | 5.3 | Medium | 2025-12-24 |

This page lists every published CVE security advisory associated with funnelforms. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.