PT-2026-1510 · Aa Team+1 · Woocommerce Sales Funnel Builder+3
Published
2026-01-06
·
Updated
2026-01-06
·
CVE-2025-30631
CVSS v3.1
7.1
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
AA-Team Woocommerce Sales Funnel Builder versions through 1.1
AA-Team Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer) versions through 1.2
Description
The software contains a flaw related to improper input handling during web page generation, leading to a Cross-site Scripting (XSS) condition. This allows for the injection of malicious scripts into web pages. The issue affects the Woocommerce Sales Funnel Builder and the Amazon Affiliates Addon for WPBakery Page Builder. The vulnerability enables a Reflected XSS attack.
Recommendations
Update AA-Team Woocommerce Sales Funnel Builder to a version later than 1.1
Update AA-Team Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer) to a version later than 1.2
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Amazon Affiliates Addon For Wpbakery Page Builder
Visual Composer
Wpbakery Page Builder
Woocommerce Sales Funnel Builder