Vulnerability Description
The WPFunnels – The Easiest Funnel Builder For WordPress And WooCommerce To Collect Leads And Increase Sales plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 3.6.2. This is due to the plugin relying on a user controlled value 'optin_allow_registration' to determine if user registration is allowed, instead of the site-specific setting. This makes it possible for unauthenticated attackers to register new user accounts, even when user registration is disabled.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/changeset/3389604/wpfunnels/trunk/public/clas
- https://www.wordfence.com/threat-intel/vulnerabilities/id/4e376c96-47a8-419f-ab4
FAQ
What is CVE-2025-12353?
CVE-2025-12353 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The WPFunnels – The Easiest Funnel Builder For WordPress And WooCommerce To Collect Leads And Increase Sales plugin for WordPress is vulnerable to unauthorized user registration in all versions up to,...
How severe is CVE-2025-12353?
CVE-2025-12353 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-12353?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.