cleantalk
Vulnerabilities and Security Researches

Easiest Sales Funnel Builder For WordPress & WooCommerce by WPFunnels, CVE-2023-0173

CVE, Research URL

CVE-2023-0173

Home page URL

Security reports for Easiest Sales Funnel Builder For WordPress & WooCommerce by WPFunnels

Application

Easiest Sales Funnel Builder For WordPress & WooCommerce by WPFunnels

Published on
Feb 07, 2023
Research Description
The Drag & Drop Sales Funnel Builder for WordPress plugin before 2.6.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Affected versions
Min -, max 2.7.17.
Status
vulnerable
Previous vulnerability researches
Easiest Sales Funnel Builder For WordPress & WooCommerce by WPFunnels (CVE-2025-47530) , May 16, 2025
Easiest Sales Funnel Builder For WordPress & WooCommerce by WPFunnels (CVE-2024-10792) , Nov 22, 2024
Easiest Sales Funnel Builder For WordPress & WooCommerce by WPFunnels (CVE-2023-0173) , Jun 06, 2024
Easiest Sales Funnel Builder For WordPress & WooCommerce by WPFunnels (CVE-2024-27965) , Jun 06, 2024
Easiest Sales Funnel Builder For WordPress & WooCommerce by WPFunnels (CVE-2023-37977) , Jun 06, 2024
New vulnerability
WP Google Review Slider (CVE-2024-11109) , May 17, 2025
Sailthru Triggermail (CVE-2024-11141) , May 17, 2025
LifterLMS – WordPress LMS Plugin for eLearning (CVE-2024-13619) , May 17, 2025
AHAthat Plugin (CVE-2024-11269) , May 17, 2025
WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting (CVE-2024-12812) , May 17, 2025