CartFlows – Funnel Builder & Checkout Plugin for WooCommerce

Vulnerabilities 14Slug cartflowsLatest version 3.0.1WordPress.org →

Minimum safe version

2.2.4

Update to 2.2.4 or later to address 14 fixable vulnerabilities

Latest available3.0.1 ✓

Medium 4.3

2026-04-08< 2.2.4

CVE-2026-39477

CVE Wordfence

High 7.2

2026-02-19< 2.2.0

CVE-2026-25316

CVE Wordfence

Medium 6.4

2024-06-19< 2.0.8

CVE-2024-4632

CVE Patchstack Wordfence

Medium 5.9

2024-03-27< 2.0.2

CVE-2024-29813

CVE Wordfence Patchstack WPScan

N/A

2023-06-02< 1.11.12

CartFlows <= 1.11.11 - Insecure Direct Object Reference to Arbitrary Post Deletion

Wordfence

Medium 4.3

2023-07-01< 1.5.16

CVE-2020-36736

CVE Wordfence WPScan

N/A

2023-06-07< 1.5.16

CVE-2021-4342

CVE

Medium 5.4

2023-06-07< 1.3.1

CVE-2019-25151

CVE

N/A

2019-11-07< 1.3.1

Funnel Builder <= 1.3.0 - Arbitrary Plugin Activation

Wordfence

N/A

< 1.5.16

Various Affected Software (Various Versions) - Cross-Site Request Forgery Bypass

Wordfence

N/A

< 1.3.1

Funnel Builder by CartFlows < 1.3.1 - Authenticated Arbitrary Plugin Activation

WPScan

N/A

< 1.5.16

Multiple Plugins/Themes - Cross-Site Request Forgery (CSRF)

WPScan

N/A

2020-09-16< 1.5.16

WordPress Funnel Builder by CartFlows plugin <= 1.5.15 - Cross-Site Request Forgery (CSRF) vulnerability

Patchstack

Medium 4.8

2021-06-01< 1.6.13

CVE-2021-24330

CVE Wordfence Patchstack WPScan