CVE-2025-10567

Name of the Vulnerable Software and Affected Versions FunnelKit WordPress plugin versions prior to 3.12.0.1

Description The software does not properly sanitize user-provided data before displaying it in certain checkout-related AJAX operations. This can allow attackers to execute reflected cross-site scripting (XSS) attacks against users who are logged in. The issue involves echoing user input without sufficient validation, potentially leading to the injection of malicious scripts.

Recommendations Update to version 3.12.0.1 or later.