WPFunnels WordPress Plugin Unauthorized User Registration Vulnerability

Vulnerability

A vulnerability exists in the WPFunnels WordPress plugin, specifically in versions up to and including 3.6.2, allowing unauthorized user registration. The issue arises because the plugin uses a user-controlled value, 'optin_allow_registration', to manage registration permissions, rather than adhering to the site's default settings. This flaw enables unauthenticated attackers to create new user accounts, even when registration is disabled.
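The pattern described above, shown beside a hardened form. This is an added example, not WPFunnels source code: the function names, the `email` field, the `'yes'` flag value and the `$site` array are hypothetical, and only the `optin_allow_registration` name comes from this advisory.

```php
<?php
// Added illustration, not WPFunnels source. Function names, the 'email' field
// and the 'yes' flag value are hypothetical; only 'optin_allow_registration'
// comes from the advisory. $site stands in for the WordPress options a plugin
// would read with get_option('users_can_register') and get_option('default_role').

/** Vulnerable pattern: the submitter's own form field authorizes account creation. */
function optin_decision_vulnerable(array $request, array $site): array
{
    $allowed = ($request['optin_allow_registration'] ?? '') === 'yes';
    return ['create_user' => $allowed, 'role' => $allowed ? $site['default_role'] : null];
}

/** Hardened pattern: only server-side configuration authorizes account creation. */
function optin_decision_hardened(array $request, array $site): array
{
    // WordPress stores users_can_register as '0' or '1'; anything else fails closed.
    $allowed = (string) ($site['users_can_register'] ?? '0') === '1';
    // The request flag is deliberately never read; the role is the site default.
    return ['create_user' => $allowed, 'role' => $allowed ? $site['default_role'] : null];
}

// Constructed sample data: registration is disabled site-wide.
$site = ['users_can_register' => '0', 'default_role' => 'subscriber'];
$requests = [
    'flag absent'  => ['email' => 'a@example.test'],
    'flag present' => ['email' => 'b@example.test', 'optin_allow_registration' => 'yes'],
];

foreach ($requests as $label => $request) {
    $v = optin_decision_vulnerable($request, $site);
    $h = optin_decision_hardened($request, $site);
    printf(
        "%-12s vulnerable=%s hardened=%s\n",
        $label,
        $v['create_user'] ? 'create' : 'skip',
        $h['create_user'] ? 'create' : 'skip'
    );
}
```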

Impact

Exploitation of this vulnerability allows for unauthorized user registration, potentially leading to the creation of accounts with elevated privileges, depending on the site's user role management.

Remediation

Users are advised to update the WPFunnels WordPress plugin to version 3.6.3 or a later patched version.

Added: Nov 8, 2025, 4:17 AM
Updated: Nov 8, 2025, 4:17 AM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 0.6
exploitability: 8.2
remediation: 7.7
relevance: 1.0
threat: 3.2
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.