cleantalk
Vulnerabilities and Security Researches

WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce, CVE-2019-25151

CVE, Research URL

CVE-2019-25151

Home page URL

Security reports for WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce

Application

WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce

Published on
Jun 07, 2023
Research Description
The Funnel Builder plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the activate_plugin function in versions up to, and including, 1.3.0. This makes it possible for authenticated attackers to activate any plugin on the vulnerable service.
Affected versions
max 1.3.1.
Status
vulnerable
Previous vulnerability researches
WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce (CVE-2026-25316) , Feb 27, 2026
WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce (CVE-2020-36736) , Jun 07, 2024
WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce (CVE-2021-24330) , Jun 07, 2024
WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce (CVE-2019-25151) , Jun 07, 2024
WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce (CVE-2024-29813) , Jun 07, 2024
New vulnerability
Printful Integration for WooCommerce (CVE-2025-12375) , Feb 27, 2026
PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes (CVE-2026-25322) , Feb 27, 2026
Page Builder Gutenberg Blocks – CoBlocks (CVE-2026-27094) , Feb 27, 2026
ElementsKit Elementor addons (CVE-2026-23693) , Feb 27, 2026
Stop Spammers Security | Block Spam Users, Comments, Forms (CVE-2025-14795) , Feb 27, 2026