Security Advisory

CVE-2025-10567

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-11-05 06:00:02

Last updated 2025-11-05 18:45:38

Assigner WPScan

State PUBLISHED

Description

The FunnelKit WordPress plugin before 3.12.0.1 does not sanitize user input before echoing it back in some of its checkout-related AJAX actions, allowing attackers to conduct reflected XSS attacks against logged-in users.

← Browse all CVEs View on cve.org ↗