Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/11/20 9:37 p.m.7 views

CVE-2025-12878

The FunnelKit – Funnel Builder for WooCommerce Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wfopphone shortcode in all versions up to, and including, 3.13.1.2. This is due to insufficient input sanitization and output escaping on the user-supplied default...

6.4CVSS5AI score0.00209EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/19 6:31 a.m.7 views

EUVD-2025-198104

The FunnelKit – Funnel Builder for WooCommerce Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wfopphone shortcode in all versions up to, and including, 3.13.1.2. This is due to insufficient input sanitization and output escaping on the user-supplied default...

6.4CVSS4.6AI score0.00209EPSS
Exploits0References8
NVD
NVD
added 2025/11/19 6:15 a.m.6 views

CVE-2025-12878

The FunnelKit – Funnel Builder for WooCommerce Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wfopphone shortcode in all versions up to, and including, 3.13.1.2. This is due to insufficient input sanitization and output escaping on the user-supplied default...

6.4CVSS0.00209EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/11/19 5:45 a.m.15 views

CVE-2025-12878 FunnelKit – Funnel Builder for WooCommerce Checkout <= 3.13.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via wfop_phone Shortcode

The FunnelKit – Funnel Builder for WooCommerce Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wfopphone shortcode in all versions up to, and including, 3.13.1.2. This is due to insufficient input sanitization and output escaping on the user-supplied default...

6.4CVSS0.00209EPSS
Exploits0References7
CVE
CVE
added 2025/11/19 5:45 a.m.21 views

CVE-2025-12878

The FunnelKit – Funnel Builder for WooCommerce Checkout WordPress plugin is affected by a stored XSS via the wfop_phone shortcode, in all versions up to and including 3.13.1.2. Exploitation requires authenticated access at Contributor+ level, due to insufficient input sanitization and output esca...

6.4CVSS4.7AI score0.00209EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/11/19 12:0 a.m.6 views

PT-2025-47436

The FunnelKit – Funnel Builder for WooCommerce Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wfop phone shortcode in all versions up to, and including, 3.13.1.2. This is due to insufficient input sanitization and output escaping on the user-supplied default...

6.4CVSS5AI score0.00209EPSS
Exploits0References8
Rows per page
Query Builder