Description

The FunnelKit WordPress plugin before 3.12.0.1 does not sanitize user input before echoing it back in some of its checkout-related AJAX actions, allowing attackers to conduct reflected XSS attacks against logged-in users.

INFO

Published Date :

2025-11-05T06:00:02.503Z

Last Modified :

2025-11-05T06:00:02.503Z

Source :

WPScan
AFFECTED PRODUCTS

The following products are affected by CVE-2025-10567 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-10567.

URL Resource
https://wpscan.com/vulnerability/c7536b0c-3bce-449d-937e-b0195990110a/ cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System