WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell

Vulnerabilities 13Slug wpfunnelsLatest version 3.12.0WordPress.org →

Minimum safe version

3.8.0

Update to 3.8.0 or later to address 13 fixable vulnerabilities

Latest available3.12.0 ✓

N/A

2026-04-03< 3.8.0

WPFunnels <= 3.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpf_optin_form' Shortcode

Wordfence CVE

Medium 5.3

2025-12-09< 3.6.3

CVE-2025-67571

CVE EUVD Wordfence

Medium 5.3

2025-11-08< 3.6.3

CVE-2025-12353

CVE Wordfence

Medium 6.5

2025-11-08< 3.6.3

CVE-2025-12000

CVE Wordfence

Medium 6.5

2025-08-14< 3.5.27

CVE-2025-54696

CVE EUVD Wordfence

N/A

2025-05-23< 3.5.19

CVE-2025-47530

CVE Patchstack Wordfence

Medium 6.1

2024-11-21< 3.5.6

CVE-2024-10792

CVE Patchstack Wordfence

Medium 5.9

2024-03-21< 3.0.7

CVE-2024-27965

CVE Wordfence Patchstack WPScan

High 7.1

2023-07-27< 2.7.17

CVE-2023-37977

CVE Patchstack WPScan

N/A

2023-07-13< 2.7.17

WPFunnels <= 2.7.16 - Reflected Cross-Site Scripting

Wordfence

N/A

2023-07-11< 2.7.16

WordPress Drag & Drop Sales Funnel Builder for WordPress – WPFunnels Plugin < 2.7.16 is vulnerable to Insecure Direct Object References (IDOR)

Patchstack

N/A

2023-07-10< 2.7.16

WPFunnels <= 2.7.15 - Insecure Direct Object Reference

Wordfence

Medium 5.4

2023-02-06< 2.6.9

CVE-2023-0173

CVE Wordfence Patchstack WPScan