Unauthorized User Registration Vulnerability in WPFunnels Plugin for WordPress
CVE-2025-12353
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 8 November 2025
What is CVE-2025-12353?
The WPFunnels plugin, designed for building sales funnels on WordPress and WooCommerce, is susceptible to a vulnerability that allows unauthorized user registration. This issue arises because the plugin inappropriately utilizes a user-controlled value, 'optin_allow_registration', to dictate user registration permissions, rather than relying on the intended site-specific settings. Consequently, this oversight enables unauthenticated attackers to create new user accounts, even in scenarios where user registration is meant to be restricted. As a result, site owners using versions up to 3.6.2 of WPFunnels must take immediate action to secure their installations against potential abuse.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Easy WordPress Funnel Builder To Collect Leads And Increase Sales β WPFunnels * <= 3.6.2
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved