getwpfunnels — Vulnerabilities & Security Advisories (8)

Browse all 8 CVE security advisories affecting getwpfunnels. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Getwpfunnels is a WordPress funnel builder plugin designed to create sales pages and marketing funnels. Historically, it has been vulnerable to multiple security issues including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. The plugin has accumulated 8 CVE records, indicating a pattern of security weaknesses. Notable characteristics include insufficient input validation and improper access controls, which have allowed attackers to execute unauthorized actions, steal sensitive data, and potentially compromise entire WordPress installations. These vulnerabilities have made it a target for attacks, highlighting the importance of regular updates and security hardening for users of this plugin.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-0626 | WPFunnels <= 3.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpf_optin_form' Shortcode | WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell | CWE-79 | 6.4 | Medium | 2026-04-04 |
| CVE-2026-1258 | Mail Mint <= 1.19.2 - Authenticated (Administrator+) SQL Injection via Multiple API Endpoints | Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails | CWE-89 | 4.9 | Medium | 2026-02-14 |
| CVE-2026-1447 | Mail Mint <= 1.19.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting | Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails | CWE-352 | 5.4 | Medium | 2026-02-03 |
| CVE-2025-15347 | Creator LMS – The LMS for Creators, Coaches, and Trainers <= 1.1.12 - Missing Authorization to Authenticated (Contributor+) Arbitrary Options Update | Creator LMS – Online Courses and eLearning Plugin | CWE-862 | 8.8 | High | 2026-01-20 |
| CVE-2025-11967 | Mail Mint <= 1.18.10 - Authenticated (Admin+) Arbitrary File Upload | Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails | CWE-434 | 7.2 | High | 2025-11-08 |
| CVE-2025-12000 | WPFunnels <= 3.6.2 - Authenticated (Administrator+) Arbitrary File Deletion via Path Traversal | WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell | CWE-22 | 6.5 | Medium | 2025-11-08 |
| CVE-2025-12353 | WPFunnels <= 3.6.2 - Unauthorized User Registration | WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell | CWE-639 | 5.3 | Medium | 2025-11-08 |
| CVE-2024-10792 | Easiest Funnel Builder For WordPress & WooCommerce by WPFunnels <= 3.5.5 - Reflected Cross-Site Scripting | WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell | CWE-79 | 6.1 | Medium | 2024-11-21 |

This page lists every published CVE security advisory associated with getwpfunnels. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.