Lucene search
+L

11 matches found

cve
cve
added 13 hours ago7 views

CVE-2026-15103

The CVE affects the WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell WordPress plugin. All versions up to 3.12.8 are vulnerable to privilege escalation via an insecure update_settings() REST callback that does not validate the group_id path parameter against an allowlis...

8.8CVSS6.1AI score
Exploits0References6
cvelist
cvelist
added 13 hours ago14 views

CVE-2026-15103 WPFunnels <= 3.12.8 - Authenticated (Funnel Manager+) Privilege Escalation via 'group_id' Path Parameter

The WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell plugin for WordPress is vulnerable to Privilege Escalation via arbitrary option update in all versions up to, and including, 3.12.8. This is due to the updatesettings REST callback failing to validate the groupid path...

8.8CVSS
Exploits0References6
euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-26006

Malicious code in bioql PyPI...

9.8CVSS6.5AI score0.00381EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/08/30 6:18 p.m.3 views

CVE-2025-52761

Deserialization of Untrusted Data vulnerability in manfcarlo WP Funnel Manager wp-funnel-manager allows Object Injection.This issue affects WP Funnel Manager: from n/a through = 1.4.0...

9.8CVSS5.9AI score0.00381EPSS
Exploits0References1
nvd
nvd
added 2025/08/28 1:16 p.m.3 views

CVE-2025-52761

Deserialization of Untrusted Data vulnerability in manfcarlo WP Funnel Manager wp-funnel-manager allows Object Injection.This issue affects WP Funnel Manager: from n/a through = 1.4.0...

9.8CVSS0.00381EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/08/28 12:37 p.m.1 views

CVE-2025-52761 WordPress WP Funnel Manager plugin <= 1.4.0 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in manfcarlo WP Funnel Manager wp-funnel-manager allows Object Injection.This issue affects WP Funnel Manager: from n/a through = 1.4.0...

9.8CVSS5.2AI score0.00381EPSS
Exploits0References1
cvelist
cvelist
added 2025/08/28 12:37 p.m.12 views

CVE-2025-52761 WordPress WP Funnel Manager Plugin <= 1.4.0 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in manfcarlo WP Funnel Manager wp-funnel-manager allows Object Injection.This issue affects WP Funnel Manager: from n/a through = 1.4.0...

9.8CVSS0.00381EPSS
Exploits0References1
cve
cve
added 2025/08/28 12:37 p.m.12 views

CVE-2025-52761

CVE-2025-52761 affects WP Funnel Manager (WordPress plugin) up to version 1.4.0. The issue is described as Deserialization of Untrusted Data leading to PHP Object Injection. Public documentation shows a high-severity vector (CVSS v3.1: 9.8, Network/No user interaction) and notes that, at least in...

9.8CVSS5.9AI score0.00381EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2025/08/28 12:0 a.m.3 views

PT-2025-35041

Name of the Vulnerable Software and Affected Versions: WP Funnel Manager versions through 1.4.0 Description: Deserialization of untrusted data in WP Funnel Manager allows for object injection. Recommendations: At the moment, there is no information about a newer version that contains a fix for th...

9.8CVSS6.3AI score0.00381EPSS
Exploits0References4
cnnvd
cnnvd
added 2025/08/28 12:0 a.m.3 views

WordPress plugin WP Funnel Manager 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

9.8CVSS6.8AI score0.00381EPSS
Exploits0References2
patchstack
patchstack
added 2025/08/20 1:29 p.m.4 views

WordPress WP Funnel Manager Plugin <= 1.4.0 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Drew / mcdruid in WordPress Plugin WP Funnel Manager versions = 1.4.0...

9.8CVSS7AI score0.00381EPSS
Exploits0Affected Software1
Rows per page
Query Builder