Upsell Funnel Builder For Woocommerce – Create Upsells, Cross Sells, Order Bumps, Frequently Bought, And Popups.
cpe:2.3:a:wpswings:upsell_funnel_builder_for_woocommerce_–_create_upsells,_cross-sells,_order_bumps,_frequently_bought,_and_popups.:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Wpswings (325d4910-7fb8-5524-97f5-2fb5d0fe400a) |
|---|---|
| Product | Upsell Funnel Builder For Woocommerce – Create Upsells, Cross Sells, Order Bumps, Frequently Bought, And Popups. (7cba5009-b059-57e6-bbb1-6e93d9b6c131) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2025-3743 | vulnerable | 2026-06-03 15:01:05.452910 | Upsell Funnel Builder for WooCommerce <= 3.0.0 - Unauthenticated Order Manipulation. MEDIUM (5.3). The Upsell Funnel Builder for WooCommerce plugin for WordPress is vulnerable to order manipulation in all versions up to, and including, 3.0.0. This is due to the plugin allowing the additional product ID and discount field to be manipulated prior to processing via the 'add_offer_in_cart' function. This makes it possible for unauthenticated attackers to arbitrarily update the product associated with any order bump, and arbitrarily update the discount applied to any order bump item, when adding it to the cart. Published: 2025-04-25T06:45:29.320Z. Updated: 2026-04-08T17:16:03.915Z. | Imported from gcve-enriched-dumps CVE data |