What the vulnerability does
01 Description
The Upsell Funnel Builder for WooCommerce plugin for WordPress is vulnerable to order manipulation in all versions up to, and including, 3.0.0. The cause is that the plugin allows the additional product ID and discount fields to be manipulated before they are processed by the 'add_offer_in_cart' function. This makes it possible for unauthenticated attackers to arbitrarily change the product associated with any order bump, and to arbitrarily change the discount applied to any order bump item, when adding it to the cart.
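The pattern the advisory describes is an order-bump handler that trusts a client-supplied product ID and discount. The following is an added illustration, not the plugin's own code: the unsafe handler next to a hardened one in which the request only names an offer and both product and discount are resolved from server-side configuration. The function names, the 'example_bump' nonce action and the 'example_bump_offers' option key are assumptions made for this example.

```php
<?php
// Added illustration of the pattern the advisory describes; not the plugin's code.
// Function names, the 'example_bump' nonce action and the 'example_bump_offers'
// option key are assumptions made for this example.

// Vulnerable pattern: product ID and discount are read from the request and
// applied as sent, so whoever reaches the endpoint chooses both values.
function example_add_offer_in_cart_unsafe() {
    $product_id = absint( $_POST['product_id'] ?? 0 );
    $discount   = floatval( $_POST['discount'] ?? 0 ); // client-controlled
    WC()->cart->add_to_cart( $product_id, 1, 0, array(), array( 'bump_discount' => $discount ) );
    wp_send_json_success();
}

// Hardened pattern: the request only names an offer; product and discount come
// from server-side configuration, and the price is recomputed from that record.
function example_add_offer_in_cart_safe() {
    check_ajax_referer( 'example_bump', 'nonce' ); // valid for guests too; blocks cross-site posts
    $offer_id = absint( $_POST['offer_id'] ?? 0 );
    $offers   = get_option( 'example_bump_offers', array() ); // assumed: offer_id => config
    if ( ! isset( $offers[ $offer_id ] ) || ! wc_get_product( $offers[ $offer_id ]['product_id'] ) ) {
        wp_send_json_error( 'unknown offer', 400 );
    }
    $key = WC()->cart->add_to_cart(
        absint( $offers[ $offer_id ]['product_id'] ), 1, 0, array(),
        array( 'bump_offer_id' => $offer_id ) // only the offer id travels with the cart item
    );
    if ( ! $key ) {
        wp_send_json_error( 'not added', 400 );
    }
    wp_send_json_success( array( 'cart_item_key' => $key ) );
}

// Apply the discount at totals time from the stored offer id, clamped to 0..100 percent,
// so a discount value in the request or in cart item data can never take effect.
function example_apply_bump_price( $cart ) {
    $offers = get_option( 'example_bump_offers', array() );
    foreach ( $cart->get_cart() as $item ) {
        if ( empty( $item['bump_offer_id'] ) || ! isset( $offers[ $item['bump_offer_id'] ] ) ) {
            continue;
        }
        $pct = min( 100, max( 0, floatval( $offers[ $item['bump_offer_id'] ]['discount_percent'] ) ) );
        $item['data']->set_price( $item['data']->get_regular_price() * ( 1 - $pct / 100 ) );
    }
}
add_action( 'woocommerce_before_calculate_totals', 'example_apply_bump_price' );
add_action( 'wp_ajax_example_add_offer', 'example_add_offer_in_cart_safe' );
add_action( 'wp_ajax_nopriv_example_add_offer', 'example_add_offer_in_cart_safe' );
```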
Explanation of Vulnerability in Simple Terms
02 Summary
The Upsell Funnel Builder for WooCommerce plugin through version 3.0.0 contains an integrity vulnerability that allows unauthenticated attackers to modify data via the network. No user interaction is required. The vulnerability does not affect data confidentiality or site availability. Site administrators should update to a version newer than 3.0.0.
What an attacker can do
03 Attacker Capabilities
Modify data on the site without authentication or user interaction.
Potential impact on your site
04 Site Impact
Attackers can alter plugin data or settings without logging in, potentially affecting upsells, cross-sells, and order bump configurations.
Conditions required to exploit
05 Prerequisites
Network access only; no authentication or user action required.
Key dates
06 Disclosure timeline
April 25, 2025: CVE published
April 8, 2026: Record updated