{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-12000", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-10-20T21:28:29.626Z", "datePublished": "2025-11-08T03:27:49.707Z", "dateUpdated": "2026-04-08T17:27:08.002Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:27:08.002Z"}, "affected": [{"vendor": "getwpfunnels", "product": "WPFunnels \u2013 Funnel Builder for WooCommerce with Checkout & One Click Upsell", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.6.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The WPFunnels plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wpfnl_delete_log() function in all versions up to, and including, 3.6.2. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php)."}], "title": "WPFunnels <= 3.6.2 - Authenticated (Administrator+) Arbitrary File Deletion via Path Traversal", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d969eb46-b12a-4a36-9321-bf1479906a5d?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.6.1/admin/modules/settings/class-wpfnl-settings.php#L591"}, {"url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.6.1/includes/core/logger/class-wpfnl-logger.php#L172"}, {"url": "https://plugins.trac.wordpress.org/changeset/3389604/wpfunnels/trunk/admin/modules/settings/class-wpfnl-settings.php"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "cweId": "CWE-22", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Le Cong Danh"}], "timeline": [{"time": "2025-10-21T15:28:43.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-11-07T15:07:46.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-10T14:07:26.229752Z", "id": "CVE-2025-12000", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-10T14:14:35.248Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-12000", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-11-10T14:07:26.229752Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-10T14:07:26.864Z"}}], "cna": {"title": "WPFunnels <= 3.6.2 - Authenticated (Administrator+) Arbitrary File Deletion via Path Traversal", "credits": [{"lang": "en", "type": "finder", "value": "Le Cong Danh"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H"}}], "affected": [{"vendor": "getwpfunnels", "product": "WPFunnels \u2013 Funnel Builder for WooCommerce with Checkout & One Click Upsell", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "3.6.2"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-10-21T15:28:43.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-11-07T15:07:46.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d969eb46-b12a-4a36-9321-bf1479906a5d?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.6.1/admin/modules/settings/class-wpfnl-settings.php#L591"}, {"url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.6.1/includes/core/logger/class-wpfnl-logger.php#L172"}, {"url": "https://plugins.trac.wordpress.org/changeset/3389604/wpfunnels/trunk/admin/modules/settings/class-wpfnl-settings.php"}], "descriptions": [{"lang": "en", "value": "The WPFunnels plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wpfnl_delete_log() function in all versions up to, and including, 3.6.2. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php)."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:27:08.002Z"}}}, "cveMetadata": {"cveId": "CVE-2025-12000", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:27:08.002Z", "dateReserved": "2025-10-20T21:28:29.626Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-11-08T03:27:49.707Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The WPFunnels plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wpfnl_delete_log() function in all versions up to, and including, 3.6.2. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php)."}], "id": "CVE-2025-12000", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.2, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-11-08T04:15:43.753", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.6.1/admin/modules/settings/class-wpfnl-settings.php#L591"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.6.1/includes/core/logger/class-wpfnl-logger.php#L172"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3389604/wpfunnels/trunk/admin/modules/settings/class-wpfnl-settings.php"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d969eb46-b12a-4a36-9321-bf1479906a5d?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T01:47:22.512746+00:00", "value": {"mitigation_remediation": ["Update the WPFunnels plugin to the latest version (\u22653.6.3).", "Restrict folder permissions so that non\u2011privileged users cannot delete critical configuration files.", "Limit administrator\u2011level accounts and enforce least\u2011privilege practices for users who can access WordPress admin."], "summary": {"action": "Apply Patch", "impact": "Arbitrary file deletion enabling possible remote code execution"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the WPFunnels \u2013 Funnel Builder for WooCommerce with Checkout & One Click Upsell plugin from the getwpfunnels vendor. All releases up to and including 3.6.2 are impacted; newer releases are expected to have fixed the flaw.", "description_and_impact": "The WPFunnels plugin allows an authenticated administrator to delete any file on the server because the file path is not validated in the wpfnl_delete_log() function. The attacker can target critical system files such as wp-config.php, which can lead to remote code execution if the configuration file is removed or tampered with. The weakness is a classic path\u2011traversal flaw (CWE\u201122) and requires administrative credentials to exploit.", "risk_and_exploitability": "The CVSS score of 6.5 indicates moderate severity. The EPSS score of 1% suggests a low but non\u2011zero likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog, but it remains exploitable by authenticated users with administrator rights, which is a common role in many WordPress sites. The path traversal flaw enables deletion of arbitrary files, making the potential impact high if vital configuration files are removed."}}}}, "created": "2025-11-10T09:33:33.046999+00:00", "updated": "2026-04-21T02:00:12.278045+00:00", "vendors": ["getwpfunnels", "getwpfunnels$PRODUCT$wpfunnels", "wordpress", "wordpress$PRODUCT$wordpress"]}