CVE-2025-6588

Name of the Vulnerable Software and Affected Versions FunnelCockpit plugin for WordPress versions up to and including 1.4.2

Description The plugin is susceptible to Reflected Cross-Site Scripting via the error parameter due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts into pages that will execute if an administrative user is tricked into performing an action, such as clicking a link.

Recommendations Update the FunnelCockpit plugin to a version later than 1.4.2.