CVE-2025-7654

Multiple FunnelKit plugins are vulnerable to Sensitive Information Exposure via the wf_get_cookie shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including authentication cookies of other site users, which may make privilege escalation possible. Please note both FunnelKit – Funnel Builder for WooCommerce Checkout AND FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce are affected by this.

CVSS v3.0 8.8 HIGH

8.8^/10

CVSS v3.0 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://plugins.trac.wordpress.org/browser/funnel-builder/tags/3.11.0.2/woofunnels/includes/class-bwf-data-tags.php#L52
https://plugins.trac.wordpress.org/browser/wp-marketing-automations/tags/3.6.3/woofunnels/includes/class-bwf-data-tags.php#L52
https://www.wordfence.com/threat-intel/vulnerabilities/id/bc0983d7-6c7e-41cb-8997-578d362d9c9f?source=cve

Configurations

No configuration.

History

19 Aug 2025, 08:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-19 08:15

Updated : 2025-08-19 08:15

NVD link : CVE-2025-7654

Mitre link : CVE-2025-7654

JSON object : View

Products Affected

No product.

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://plugins.trac.wordpress.org/browser/funnel-builder/tags/3.11.0.2/woofunnels/includes/class-bwf-data-tags.php#L52", "name": "https://plugins.trac.wordpress.org/browser/funnel-builder/tags/3.11.0.2/woofunnels/includes/class-bwf-data-tags.php#L52", "tags": [], "refsource": ""}, {"url": "https://plugins.trac.wordpress.org/browser/wp-marketing-automations/tags/3.6.3/woofunnels/includes/class-bwf-data-tags.php#L52", "name": "https://plugins.trac.wordpress.org/browser/wp-marketing-automations/tags/3.6.3/woofunnels/includes/class-bwf-data-tags.php#L52", "tags": [], "refsource": ""}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bc0983d7-6c7e-41cb-8997-578d362d9c9f?source=cve", "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bc0983d7-6c7e-41cb-8997-578d362d9c9f?source=cve", "tags": [], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple FunnelKit plugins are vulnerable to Sensitive Information Exposure via the wf_get_cookie shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including authentication cookies of other site users, which may make privilege escalation possible.\r\n\r\nPlease note both FunnelKit \u2013 Funnel Builder for WooCommerce Checkout AND FunnelKit Automations \u2013 Email Marketing Automation and CRM for WordPress & WooCommerce are affected by this."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-200"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2025-7654", "ASSIGNER": "cve-request@wordfence.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}}, "publishedDate": "2025-08-19T08:15Z", "configurations": {"nodes": [], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-08-19T08:15Z"}