71 matches found

Vulnrichment
added 2025/11/05 9:27 a.m., 3 views

CVE-2025-12469 FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce <= 3.6.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending

The FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.6.4.1. This is due to the plugin not properly verifying that a user is authorized to perform administrativ...

CVSS 4.3, AI score 5.6, EPSS 0.0021
Exploits: 0, References: 5

Cvelist
added 2025/11/05 9:27 a.m., 8 views

CVE-2025-12469 FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce <= 3.6.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending

The FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.6.4.1. This is due to the plugin not properly verifying that a user is authorized to perform administrativ...

CVSS 4.3, EPSS 0.0021
Exploits: 0, References: 5

CVE
added 2025/11/05 9:27 a.m., 9 views

CVE-2025-12469

CVE-2025-12469 affects FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce. A Missing Authorization flaw in the bwfan_test_email AJAX handler, with the nonce exposed via frontend localization, allows authenticated attackers with Subscriber+ rights to send arbitr...

CVSS 4.3, AI score 5.6, EPSS 0.0021
Exploits: 0, References: 5, Affected Software: 1

Vulnrichment
added 2025/11/05 9:27 a.m., 3 views

CVE-2025-12468 FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce <= 3.6.4.1 - Unauthenticated Sensitive Information Exposure

The FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.4.1 via the '/wc-coupons/' REST API endpoint. This is due to the endpoint being marked as a...

CVSS 5.3, AI score 5.6, EPSS 0.00314
Exploits: 0, References: 3

Cvelist
added 2025/11/05 9:27 a.m., 7 views

CVE-2025-12468 FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce <= 3.6.4.1 - Unauthenticated Sensitive Information Exposure

The FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.4.1 via the '/wc-coupons/' REST API endpoint. This is due to the endpoint being marked as a...

CVSS 5.3, EPSS 0.00314
Exploits: 0, References: 3

CVE
added 2025/11/05 9:27 a.m., 20 views

CVE-2025-12468

The FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce plugin (up to version 3.6.4.1) is exposed to unauthenticated sensitive information exposure via the /wc-coupons/ REST API endpoint. The endpoint is registered as a public API (public_api = true) and uses pe...

CVSS 5.3, AI score 5.6, EPSS 0.00314
Exploits: 0, References: 3, Affected Software: 1

Patchstack
added 2025/11/05 1:35 a.m., 5 views

WordPress FunnelKit Automations plugin <= 3.6.4.1 - Unauthenticated Sensitive Information Exposure vulnerability

Unauthenticated Sensitive Information Exposure vulnerability discovered by Rafshanzani Suhada in WordPress Plugin FunnelKit Automations versions <= 3.6.4.1...

CVSS 5.3, AI score 6.7, EPSS 0.00314
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2025/11/05 1:32 a.m., 5 views

WordPress FunnelKit Automations plugin <= 3.6.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Email Sending vulnerability discovered by Rafshanzani Suhada in WordPress Plugin FunnelKit Automations versions <= 3.6.4.1...

CVSS 4.3, AI score 6.7, EPSS 0.0021
Exploits: 0, References: 1, Affected Software: 1

Positive Technologies
added 2025/11/05 12:0 a.m., 2 views

PT-2025-45101

Name of the Vulnerable Software and Affected Versions: FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce versions up to and including 3.6.4.1 Description: The FunnelKit Automations plugin for WordPress is affected by a missing authorization issue. The plugin doe...

CVSS 4.3, AI score 5.8, EPSS 0.0021
Exploits: 0, References: 10

Positive Technologies
added 2025/11/05 12:0 a.m., 4 views

PT-2025-45100

Name of the Vulnerable Software and Affected Versions: FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce versions up to and including 3.6.4.1 Description: The software contains a flaw that allows unauthenticated attackers to extract sensitive data, including...

CVSS 5.3, AI score 6.4, EPSS 0.00314
Exploits: 0, References: 7

CNNVD
added 2025/11/05 12:0 a.m., 3 views

WordPress plugin FunnelKit Automations information disclosure vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin FunnelKit Automations,...

CVSS 5.3, AI score 5.7, EPSS 0.00314
Exploits: 0, References: 4

CNNVD
added 2025/11/05 12:0 a.m., 6 views

WordPress plugin FunnelKit Automations security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plug-in. A security...

CVSS 4.3, AI score 6.5, EPSS 0.0021
Exploits: 0, References: 6

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2025-27225

Malicious code in bioql PyPI...

CVSS 5.4, AI score 6.5, EPSS 0.0018
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2025-25167

Malicious code in bioql PyPI...

CVSS 8.8, AI score 6.4, EPSS 0.00572
Exploits: 0, References: 3

RedhatCVE
added 2025/09/11 7:16 a.m., 5 views

CVE-2025-9542

The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on multiple plugin's functions in all versions up to, and including, 5.3.7...

CVSS 5.4, AI score 5.1, EPSS 0.0018
Exploits: 0, References: 1

NVD
added 2025/09/09 7:15 a.m., 3 views

CVE-2025-9539

The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the automatorwp_ajax_import_automation_from_url function in all versions up to, and...

CVSS 8, EPSS 0.00416
Exploits: 0, References: 2

NVD
added 2025/09/09 7:15 a.m., 5 views

CVE-2025-9542

The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on multiple plugin's functions in all versions up to, and including, 5.3.7...

CVSS 5.4, EPSS 0.0018
Exploits: 0, References: 2

Cvelist
added 2025/09/09 6:40 a.m., 8 views

CVE-2025-9539 AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress <= 5.3.6 - Missing Authorization To Authenticated (Subscriber+) Remote Code Execution via Automation Creation

The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the automatorwp_ajax_import_automation_from_url function in all versions up to, and...

CVSS 8, EPSS 0.00416
Exploits: 0, References: 2

CVE
added 2025/09/09 6:40 a.m., 20 views

CVE-2025-9542

Summary (CVE-2025-9542): The WordPress plugin AutomatorWP – Automator (AutomatorWP) ≤ 5.3.7 is affected by a missing capability check that lets authenticated users with Subscriber-level access or higher view and modify integration settings and automations. The vulnerability affects all versions up...

CVSS 5.4, AI score 4.6, EPSS 0.0018
Exploits: 0, References: 2

Positive Technologies
added 2025/09/09 12:0 a.m., 5 views

PT-2025-36578

Name of the Vulnerable Software and Affected Versions: AutomatorWP – Automator plugin for WordPress versions prior to 5.3.7 Description: The AutomatorWP – Automator plugin for WordPress is susceptible to unauthorized data modification due to a missing capability check on the automatorwp ajax impo...

CVSS 8, AI score 6.4, EPSS 0.00416
Exploits: 0, References: 6