WordPress Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor - Funnelforms Free plugin <= 3.7.3.2 - Missing Authorization to Unauthenticated Arbitrary Media Deletion vulnerability

WordPress Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor - Funnelforms Free plugin = 3.7.3.2 - Missing Authorization to Unauthenticated Arbitrary Media Deletion vulnerability discovered by Lucio Sá in WordPress Plugin Funnelforms Free versions = 3.7.3.2...

CVE-2025-62758

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Funnelforms Funnelforms Free funnelforms-free allows DOM-Based XSS.This issue affects Funnelforms Free: from n/a through = 3.8...

CVE-2025-62758

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Funnelforms Funnelforms Free funnelforms-free allows DOM-Based XSS.This issue affects Funnelforms Free: from n/a through = 3.8...

EUVD-2025-205909

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Funnelforms Funnelforms Free allows DOM-Based XSS.This issue affects Funnelforms Free: from n/a through 3.8...

CVE-2025-62758 WordPress Funnelforms Free plugin <= 3.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Funnelforms Funnelforms Free funnelforms-free allows DOM-Based XSS.This issue affects Funnelforms Free: from n/a through = 3.8...

CVE-2025-62758 WordPress Funnelforms Free plugin <= 3.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Funnelforms Funnelforms Free allows DOM-Based XSS.This issue affects Funnelforms Free: from n/a through 3.8...

CVE-2025-62758

CVE-2025-62758 is a DOM-based XSS vulnerability in Funnelforms Free (authenticated, contributor+ context) that arises from improper input neutralization during web page generation. Affected: Funnelforms Free up to version 3.8. Impact as stated: cross-site scripting vulnerabilities; no public expl...

WordPress Funnelforms Free plugin <= 3.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Funnelforms Free versions = 3.8...

PT-2025-54300

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Funnelforms Funnelforms Free allows DOM-Based XSS.This issue affects Funnelforms Free: from n/a through 3.8...

WordPress plugin Funnelforms Free 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

WordPress Funnelforms Free Missing License Vulnerability

Funnelforms Free is a free plugin that focuses on helping webmasters increase conversions through multi-step forms and contact forms. WordPress Funnelforms Free suffers from a lack of authorization vulnerability, which can be exploited by an attacker to perform an unauthorized operation via a...

WordPress Funnelforms Free plugin <= 3.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Funnelforms Free versions = 3.8...

CVE-2025-68582

Missing Authorization vulnerability in Funnelforms Funnelforms Free funnelforms-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Funnelforms Free: from n/a through = 3.8...

EUVD-2025-205253

Missing Authorization vulnerability in Funnelforms Funnelforms Free funnelforms-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Funnelforms Free: from n/a through = 3.8...

CVE-2025-68582

Missing Authorization vulnerability in Funnelforms Funnelforms Free funnelforms-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Funnelforms Free: from n/a through = 3.8...

CVE-2025-68582

CVE-2025-68582 affects the WordPress plugin Funnelforms Free (versions up to 3.8). The issue is a Broken Access Control/Missing Authorization vulnerability due to misconfigured access control levels, enabling unauthorized operations and potential data exposure. Affected: Funnelforms Free; vulnera...

CVE-2025-68582 WordPress Funnelforms Free plugin <= 3.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in Funnelforms Funnelforms Free funnelforms-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Funnelforms Free: from n/a through = 3.8...

CVE-2025-68582 WordPress Funnelforms Free plugin <= 3.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in Funnelforms Funnelforms Free funnelforms-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Funnelforms Free: from n/a through = 3.8...

WordPress plugin Funnelforms Free 安全漏洞

Funnelforms Free is a free plugin that focuses on helping webmasters increase conversions through multi-step forms and contact forms. WordPress Funnelforms Free suffers from a lack of authorization vulnerability, which can be exploited by an attacker to perform an unauthorized operation via a...

PT-2025-53270

Name of the Vulnerable Software and Affected Versions Funnelforms versions prior to 3.9 Description An authorization issue exists in Funnelforms Free that allows exploitation of incorrectly configured access control security levels. Recommendations Update to version 3.9 or later...