cleantalk
Vulnerabilities and Security Researches

WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce, CVE-2026-25316

CVE, Research URL

CVE-2026-25316

Home page URL

Security reports for WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce

Application

WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce

Published on
Feb 19, 2026
Research Description
Deserialization of Untrusted Data vulnerability in Brainstorm Force CartFlows cartflows allows Object Injection.This issue affects CartFlows: from n/a through <= 2.1.19.
Affected versions
max 2.1.19.
Status
vulnerable
Previous vulnerability researches
Remove Duplicate Posts (1f5faa66dc6d492718ce5db9c3895b5840416340) , Jun 07, 2024
Remove Duplicate Posts (CVE-2023-29237) , Jun 10, 2024
New vulnerability
WP Wizard Cloak (CVE-2025-53237) , Feb 27, 2026
YITH WooCommerce Compare (CVE-2026-22333) , Feb 27, 2026
Kenta Companion (CVE-2026-27090) , Feb 27, 2026
WP-Lister Lite for eBay (CVE-2026-25384) , Feb 27, 2026
Email Marketing, Email Automation &amp; Newsletter for WordPress &amp; WooCommerce – Mail Mint (CVE-2026-23541) , Feb 27, 2026