Skip to main content

Wpfunnels Pro

1 CVEs product

Monthly

CVE-2026-49778 HIGH This Week

Stored or reflected cross-site scripting in WPFunnels Pro WordPress plugin versions 2.9.4 and earlier allows unauthenticated remote attackers to inject malicious script that executes in a victim's browser when they interact with crafted content. The CVSS 3.1 score of 7.1 reflects the scope-changed impact (S:C) on the WordPress site, including potential session hijacking of administrators. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

XSS Wpfunnels Pro
NVD
CVSS 3.1
7.1
EPSS
0.2%
EPSS 0% CVSS 7.1
HIGH This Week

Stored or reflected cross-site scripting in WPFunnels Pro WordPress plugin versions 2.9.4 and earlier allows unauthenticated remote attackers to inject malicious script that executes in a victim's browser when they interact with crafted content. The CVSS 3.1 score of 7.1 reflects the scope-changed impact (S:C) on the WordPress site, including potential session hijacking of administrators. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

XSS Wpfunnels Pro
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy