cleantalk
Vulnerabilities and Security Researches

Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One, CVE-2025-66067

CVE, Research URL

CVE-2025-66067

Home page URL

Security reports for Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One

Application

Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One

Published on
Nov 21, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FunnelKit Funnel Builder by FunnelKit funnel-builder allows DOM-Based XSS.This issue affects Funnel Builder by FunnelKit: from n/a through <= 3.13.1.2.
Affected versions
max 3.13.1.2.
Status
vulnerable
Previous vulnerability researches
Magento 2 WordPress Integration (CVE-2025-58669) , Oct 11, 2025
New vulnerability
Graphina &#8211; Elementor Charts and Graphs (CVE-2025-11820) , Dec 11, 2025
ContentStudio (CVE-2025-12181) , Dec 11, 2025
ContentStudio (CVE-2025-13144) , Dec 11, 2025
Quiz Maker (CVE-2025-12426) , Dec 11, 2025
WP Booking Calendar (CVE-2025-12804) , Dec 11, 2025