6 matches found
EUVD-2026-44901
The WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell plugin for WordPress is vulnerable to Privilege Escalation via arbitrary option update in all versions up to, and including, 3.12.8. This is due to the updatesettings REST callback failing to validate the groupid path...
WordPress WPFunnels plugin <= 3.6.2 - Authenticated (Administrator+) Arbitrary File Deletion via Path Traversal vulnerability
Authenticated Administrator+ Arbitrary File Deletion via Path Traversal vulnerability discovered by vodanh in WordPress Plugin WPFunnels versions = 3.6.2...
EUVD-2024-25139
Malicious code in bioql PyPI...
CVE-2025-47530
Deserialization of Untrusted Data vulnerability in WPFunnels WPFunnels wpfunnels allows Object Injection.This issue affects WPFunnels: from n/a through = 3.5.18...
CVE-2024-27965
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFunnels WPFunnels wpfunnels.This issue affects WPFunnels: from n/a through = 3.0.6...
CVE-2023-37977
Unauth. Reflected Cross-Site Scripting XSS vulnerability in WPFunnels Team Drag & Drop Sales Funnel Builder for WordPress – WPFunnels plugin = 2.7.16 versions...