Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| WPFunnels | WPFunnels Pro | unaffected |
|
No data.
No data.
No data available yet.
Vendor Solution
Update the WordPress WPFunnels Pro Plugin to the latest available version (at least 2.9.5).
Tracking
Sign in to view the affected projects.
No advisories yet.
Wed, 17 Jun 2026 11:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Unauthenticated Cross Site Scripting (XSS) in WPFunnels Pro <= 2.9.4 versions. | |
| Title | WordPress WPFunnels Pro plugin <= 2.9.4 - Cross Site Scripting (XSS) vulnerability | |
| Weaknesses | CWE-79 | |
| References |
| |
| Metrics |
cvssV3_1
|
Subscriptions
No data.
MITRE
Status: PUBLISHED
Assigner: Patchstack
Published:
Updated: 2026-06-17T15:30:12.313Z
Reserved: 2026-06-01T15:29:19.865Z
Link: CVE-2026-49778
Vulnrichment
No data.
NVD
No data.
Redhat
No data.
OpenCVE Enrichment
No data.
-
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')