Funnelkit Automations

3 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2025-12469 MEDIUM PATCH Monitor

The FunnelKit Automations - Email Marketing Automation and CRM for WordPress & WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.6.4.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

WordPress Authentication Bypass Funnelkit Automations PHP
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-12468 MEDIUM This Month

The FunnelKit Automations - Email Marketing Automation and CRM for WordPress & WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Funnelkit Automations PHP
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-1562 CRITICAL PATCH Act Now

The FunnelKit plugin for WordPress (versions ≤3.5.3) contains a critical vulnerability allowing unauthenticated attackers to install arbitrary plugins due to missing capability checks and weak nonce validation in the install_or_activate_addon_plugins() function. This is a pre-authentication remote code execution vector with a CVSS 9.8 severity rating that enables complete site compromise through malicious plugin installation.

WordPress Authentication Bypass PHP RCE Funnelkit Automations
NVD
CVSS 3.1
9.8
EPSS
16.1%
CVE-2025-12469
EPSS 0% CVSS 4.3
MEDIUM PATCH Monitor

The FunnelKit Automations - Email Marketing Automation and CRM for WordPress & WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.6.4.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

WordPress Authentication Bypass Funnelkit Automations +1
NVD
CVE-2025-12468
EPSS 0% CVSS 5.3
MEDIUM This Month

The FunnelKit Automations - Email Marketing Automation and CRM for WordPress & WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Funnelkit Automations +1
NVD
CVE-2025-1562
EPSS 16% CVSS 9.8
CRITICAL PATCH Act Now

The FunnelKit plugin for WordPress (versions ≤3.5.3) contains a critical vulnerability allowing unauthenticated attackers to install arbitrary plugins due to missing capability checks and weak nonce validation in the install_or_activate_addon_plugins() function. This is a pre-authentication remote code execution vector with a CVSS 9.8 severity rating that enables complete site compromise through malicious plugin installation.

WordPress Authentication Bypass PHP +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy