CVE-2025-12878 | FunnelKit Plugin up to 3.13.1.2 on WordPress Shortcode wfop_phone cross site scripting

A vulnerability labeled as problematic has been found in FunnelKit Plugin up to 3.13.1.2 on WordPress. The affected element is the function wfop_phone of the component Shortcode Handler. Such manipulation leads to cross site scripting.

This vulnerability is listed as CVE-2025-12878. The attack may be performed from remote. There is no available exploit.VulDB Recent EntriesRead More