cleantalk
Vulnerabilities and Security Researches

Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One, CVE-2025-2203

CVE, Research URL

CVE-2025-2203

Home page URL

Security reports for Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One

Application

Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One

Published on
May 16, 2025
Research Description
The FunnelKit WordPress plugin before 3.10.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks
Affected versions
Min -, max 3.10.2.
Status
vulnerable
Previous vulnerability researches
NC Wishlist for Woocommerce (CVE-2025-22505) , Jan 11, 2025
Wishlist and Compare for WooCommerce (d16ff76f2758ae5cd2524881fb65080698c295c3) , Jun 07, 2024
Premmerce Wishlist for WooCommerce (4c9caab2147a94d57962bebff673865579b6c3bf) , Jun 06, 2024
Premmerce Wishlist for WooCommerce (CVE-2022-4974) , Nov 15, 2024
Wishlist for WooCommerce (CVE-2025-24657) , Jan 26, 2025
New vulnerability
Badgearoo (CVE-2025-1033) , May 19, 2025
All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic (CVE-2025-2892) , May 19, 2025
Plugin Oficial – Getnet para WooCommerce (CVE-2025-1303) , May 19, 2025
Plugin Oficial – Getnet para WooCommerce (CVE-2025-1289) , May 19, 2025
Melapress File Monitor (CVE-2024-9879) , May 19, 2025