{"id":54797,"date":"2025-06-24T16:41:33","date_gmt":"2025-06-24T16:41:33","guid":{"rendered":""},"modified":"2025-08-08T11:19:23","modified_gmt":"2025-08-08T17:19:23","slug":"cve-2025-1562-unauthorized-arbitrary-plugin-installation-in-funnelkit-plugin-for-wordpress","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-1562-unauthorized-arbitrary-plugin-installation-in-funnelkit-plugin-for-wordpress\/","title":{"rendered":"CVE-2025-1562: Unauthorized Arbitrary Plugin Installation in FunnelKit Plugin for WordPress<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

CVE-2025-1562 is a critical vulnerability that affects the Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin for WordPress. This vulnerability has a high potential for system compromise and data leakage and is highly likely to be exploited by unauthenticated attackers. All versions of the plugin up to, and including, 3.5.3 are at risk. The vulnerability matters because it exposes the WordPress<\/a> site to potential device compromises and data breaches that can result in reputational damage, financial loss, and legal repercussions.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-1562
\nSeverity: Critical (9.8 CVSS Severity Score)
\nAttack Vector: Network
\nPrivileges Required: None
\nUser Interaction: None
\nImpact: Unauthorized arbitrary plugin installation leading to potential system<\/a> compromise or data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n Share secrets securely\r\n <\/h2>\r\n\r\n

\r\n Ameeba is private infrastructure for communication and sensitive work built on encrypted identity instead of exposed corporate identity systems.\r\n <\/p>\r\n\r\n

\r\n Passwords, credentials, confidential files, screenshots, internal discussions, sensitive AI context, and private coordination should not become exposed across ordinary communication platforms.\r\n <\/p>\r\n\r\n