WordPress Plugin Vulnerabilities

Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit < 3.6.0 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation

Description

The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the install_or_activate_addon_plugins() function and a weak nonce hash in all versions up to, and including, 3.5.3. This makes it possible for unauthenticated attackers to install arbitrary plugins on the site that can be leveraged to further infect a vulnerable site.

Affects Plugins

Plugin icon
wp-marketing-automations
Fixed in 3.6.0

References

CVE
CVE-2025-1562
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/094972e6-7e02-4060-b069-e39c8cde9331

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
9.8 (critical)

Miscellaneous

Original Researcher
mikemyers
Verified
No
WPVDB ID
6690bbb8-2e6a-4f3d-b71c-8e6e08bba674

Timeline

Publicly Published
2025-06-17 (about 11 months ago)
Added
2025-06-17 (about 11 months ago)
Last Updated
2025-06-18 (about 11 months ago)

Other

Published
Title
Published
2024-11-22
Title
WP User Manager – User Profile Builder & Membership < 2.9.12 - Missing Authorization to Carbon Fields Custom Sidebar Addition/Removal
Published
2025-05-07
Title
Blocksy < 2.0.98 - Missing Authorization
Published
2025-12-26
Title
CubeWP < 1.1.28 - Missing Authorization
Published
2025-08-14
Title
WP Statistics < 14.15.2 - Missing Authorization
Published
2024-12-05
Title
Gold Addons for Elementor <= 1.3.2 - Missing Authorization to Authenticated (Subscriber+) License Activation/Deactivation