cleantalk
Vulnerabilities and Security Researches

Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One, CVE-2025-54750

CVE, Research URL

CVE-2025-54750

Home page URL

Security reports for Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One

Application

Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One

Published on
Aug 20, 2025
Research Description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in FunnelKit Funnel Builder by FunnelKit allows PHP Local File Inclusion. This issue affects Funnel Builder by FunnelKit: from n/a through 3.11.1.
Affected versions
Min -, max 3.12.0.
Status
vulnerable
Previous vulnerability researches
Wezido – Elementor Addon Based on Easy Digital Downloads (CVE-2024-51836) , Nov 12, 2024
New vulnerability
Simple Login Log (CVE-2025-49438) , Aug 23, 2025
SensorPress (CVE-2025-49409) , Aug 23, 2025
Notice Bar (CVE-2025-49389) , Aug 23, 2025
Testimonial (CVE-2025-49410) , Aug 23, 2025
SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels) (CVE-2025-8607) , Aug 23, 2025