cleantalk
Vulnerabilities and Security Researches

Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One, CVE-2025-10567

CVE, Research URL

CVE-2025-10567

Home page URL

Security reports for Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One

Application

Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One

Published on
Nov 05, 2025
Research Description
The FunnelKit WordPress plugin before 3.12.0.1 does not sanitize user input before echoing it back in some of its checkout-related AJAX actions, allowing attackers to conduct reflected XSS attacks against logged-in users.
Affected versions
max 3.12.0.1.
Status
vulnerable
Previous vulnerability researches
Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One (CVE-2025-7654) , Aug 19, 2025
Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One (CVE-2025-2203) , May 19, 2025
Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One (CVE-2025-49034) , Jul 19, 2025
Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One (CVE-2025-10567) , Nov 10, 2025
Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One (CVE-2023-50856) , Jun 06, 2024
New vulnerability
Off-Canvas Sidebars & Menus (Slidebars) (CVE-2025-62891) , Nov 11, 2025
LLM Hubspot Blog Import (CVE-2025-11257) , Nov 11, 2025
AI ChatBot (CVE-2025-62952) , Nov 11, 2025
Pie Calendar (CVE-2025-62024) , Nov 11, 2025
Demo Import Kit (CVE-2025-10051) , Nov 11, 2025