CVE-2026-0626 | getwpfunnels WPFunnels Plugin up to 3.7.9 on WordPress Shortcode wpf_optin_form button_icon cross site scripting

Inserito da Angelo Barbosa | Apr 4, 2026 | CVE

A vulnerability classified as problematic was found in getwpfunnels WPFunnels Plugin up to 3.7.9 on WordPress. This impacts the function wpf_optin_form of the component Shortcode Handler. The manipulation of the argument button_icon results in cross site scripting.

This vulnerability is known as CVE-2026-0626. It is possible to launch the attack remotely. No exploit is available.

CVE-2026-0626 | getwpfunnels WPFunnels Plugin up to 3.7.9 on WordPress Shortcode wpf_optin_form button_icon cross site scripting

Post correlati

CVE-2024-9865 | EventPrime Plugin up to 4.0.4.7 on WordPress Transaction Log cross site scripting

CVE-2025-5343 | Zoho ManageEngine Exchange Reporter Plus up to 5721 Instant Search Option cross site scripting

CVE-2024-10660 | ESAFENET CDG 5 HookService.java deleteHook hookId sql injection

CVE-2025-7649 | Surbma Plugin up to 2.0 on WordPress Shortcode recent-comments cross site scripting