PT-2025-45553 · Automattic+1 · Woocommerce+1

Published: 2025-11-08 · Updated: 2025-11-08 · CVE-2025-12353

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

WPFunnels – The Easiest Funnel Builder For WordPress And WooCommerce To Collect Leads And Increase Sales versions prior to 3.6.3

Description

The WPFunnels plugin for WordPress is susceptible to unauthorized user registration. The plugin incorrectly relies on a user-controlled value, 'optin_allow_registration', to determine if user registration is permitted, rather than utilizing the site-specific setting. This allows unauthenticated attackers to create new user accounts, even when user registration is disabled on the WordPress site.

Recommendations

Update WPFunnels to version 3.6.3 or later.
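
The flaw class described above, shown as the flawed decision beside a corrected one. This is an added example, not the plugin's code. The function names, the 'yes' flag value, the email field and the $site_options array are assumptions for illustration. In WordPress the site setting is read with get_option('users_can_register').

```php
<?php
// Added illustration, not WPFunnels source. All function names, the 'yes'
// flag value and the 'email' field are hypothetical.

// Stand-in for the WordPress options table so this runs without WordPress.
// On a real site this value comes from get_option('users_can_register').
function site_allows_registration(array $site_options): bool {
    return !empty($site_options['users_can_register']);
}

// Flawed pattern: the request itself decides whether an account is created.
function optin_decision_flawed(array $post, array $site_options): array {
    $create = ($post['optin_allow_registration'] ?? '') === 'yes';
    return ['save_lead' => true, 'create_user' => $create, 'audit' => null];
}

// Corrected pattern: the server-side setting is authoritative. The request
// flag can only narrow what the site permits, never widen it.
function optin_decision_hardened(array $post, array $site_options): array {
    $email = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return ['save_lead' => false, 'create_user' => false,
                'audit' => 'rejected: invalid email'];
    }
    $requested = ($post['optin_allow_registration'] ?? '') === 'yes';
    $permitted = site_allows_registration($site_options);
    // Record the mismatch so attempts are visible in review.
    $audit = ($requested && !$permitted)
        ? 'registration requested while disabled by site setting'
        : null;
    return ['save_lead' => true,
            'create_user' => $requested && $permitted,
            'audit' => $audit];
}

// Constructed sample input: registration is disabled on the site, but the
// unauthenticated opt-in request asks for an account anyway.
$site    = ['users_can_register' => 0];
$request = ['email' => 'lead@example.test',
            'optin_allow_registration' => 'yes'];

foreach (['optin_decision_flawed', 'optin_decision_hardened'] as $fn) {
    echo $fn, ': ', json_encode($fn($request, $site)), "\n";
}
```

The audit string in the hardened path marks requests that ask for registration on a site where it is disabled, which is the condition worth logging after updating.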

Fix

IDOR

Weakness Enumeration

Related Identifiers

CVE-2025-12353

Affected Products

Wpfunnels
Woocommerce