CVE-2025-10567

{"id": "CVE-2025-10567", "cveTags": [], "metrics": {}, "published": "2025-11-05T06:15:32.363", "references": [{"url": "https://wpscan.com/vulnerability/c7536b0c-3bce-449d-937e-b0195990110a/", "source": "contact@wpscan.com"}], "vulnStatus": "Received", "descriptions": [{"lang": "en", "value": "The FunnelKit WordPress plugin before 3.12.0.1 does not sanitize user input before echoing it back in some of its checkout-related AJAX actions, allowing attackers to conduct reflected XSS attacks against logged-in users."}], "lastModified": "2025-11-05T06:15:32.363", "sourceIdentifier": "contact@wpscan.com"}