Browse all 8 CVE security advisories affecting getwpfunnels. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Getwpfunnels is a WordPress funnel builder plugin designed to create sales pages and marketing funnels. Historically, it has been vulnerable to multiple security issues including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. The plugin has accumulated 8 CVE records, indicating a pattern of security weaknesses. Notable characteristics include insufficient input validation and improper access controls, which have allowed attackers to execute unauthorized actions, steal sensitive data, and potentially compromise entire WordPress installations. These vulnerabilities have made it a target for attacks, highlighting the importance of regular updates and security hardening for users of this plugin.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-1258 | Mail Mint <= 1.19.2 - Authenticated (Administrator+) SQL Injection via Multiple API Endpoints — Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce EmailsCWE-89 | 4.9 | Medium | 2026-02-14 |
| CVE-2026-1447 | Mail Mint <= 1.19.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting — Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce EmailsCWE-352 | 5.4 | Medium | 2026-02-03 |
| CVE-2025-11967 | Mail Mint <= 1.18.10 - Authenticated (Admin+) Arbitrary File Upload — Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce EmailsCWE-434 | 7.2 | High | 2025-11-08 |
This page lists every published CVE security advisory associated with getwpfunnels. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.