11 matches found
CVE-2026-15103
The CVE affects the WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell WordPress plugin. All versions up to 3.12.8 are vulnerable to privilege escalation via an insecure update_settings() REST callback that does not validate the group_id path parameter against an allowlis...
CVE-2026-15103 WPFunnels <= 3.12.8 - Authenticated (Funnel Manager+) Privilege Escalation via 'group_id' Path Parameter
The WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell plugin for WordPress is vulnerable to Privilege Escalation via arbitrary option update in all versions up to, and including, 3.12.8. This is due to the updatesettings REST callback failing to validate the groupid path...
EUVD-2025-26006
Malicious code in bioql PyPI...
CVE-2025-52761
Deserialization of Untrusted Data vulnerability in manfcarlo WP Funnel Manager wp-funnel-manager allows Object Injection.This issue affects WP Funnel Manager: from n/a through = 1.4.0...
CVE-2025-52761
Deserialization of Untrusted Data vulnerability in manfcarlo WP Funnel Manager wp-funnel-manager allows Object Injection.This issue affects WP Funnel Manager: from n/a through = 1.4.0...
CVE-2025-52761 WordPress WP Funnel Manager plugin <= 1.4.0 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in manfcarlo WP Funnel Manager wp-funnel-manager allows Object Injection.This issue affects WP Funnel Manager: from n/a through = 1.4.0...
CVE-2025-52761 WordPress WP Funnel Manager Plugin <= 1.4.0 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in manfcarlo WP Funnel Manager wp-funnel-manager allows Object Injection.This issue affects WP Funnel Manager: from n/a through = 1.4.0...
CVE-2025-52761
CVE-2025-52761 affects WP Funnel Manager (WordPress plugin) up to version 1.4.0. The issue is described as Deserialization of Untrusted Data leading to PHP Object Injection. Public documentation shows a high-severity vector (CVSS v3.1: 9.8, Network/No user interaction) and notes that, at least in...
PT-2025-35041
Name of the Vulnerable Software and Affected Versions: WP Funnel Manager versions through 1.4.0 Description: Deserialization of untrusted data in WP Funnel Manager allows for object injection. Recommendations: At the moment, there is no information about a newer version that contains a fix for th...
WordPress plugin WP Funnel Manager 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...
WordPress WP Funnel Manager Plugin <= 1.4.0 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by Drew / mcdruid in WordPress Plugin WP Funnel Manager versions = 1.4.0...