CVE-2025-7654

Multiple FunnelKit plugins are vulnerable to Sensitive Information Exposure via the wf_get_cookie shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including authentication cookies of other site users, which may make privilege escalation possible. Please note both FunnelKit – Funnel Builder for WooCommerce Checkout AND FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce are affected by this.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://plugins.trac.wordpress.org/browser/funnel-builder/tags/3.11.0.2/woofunnels/includes/class-bwf-data-tags.php#L52
https://plugins.trac.wordpress.org/browser/wp-marketing-automations/tags/3.6.3/woofunnels/includes/class-bwf-data-tags.php#L52
https://www.wordfence.com/threat-intel/vulnerabilities/id/bc0983d7-6c7e-41cb-8997-578d362d9c9f?source=cve

Configurations

No configuration.

History

No history.

Information

Published : 2025-08-19 08:15

Updated : 2025-08-19 13:42

NVD link : CVE-2025-7654

Mitre link : CVE-2025-7654

CVE.ORG link : CVE-2025-7654

JSON object : View

Products Affected

No product.

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2025-7654", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2025-08-19T08:15:29.333", "references": [{"url": "https://plugins.trac.wordpress.org/browser/funnel-builder/tags/3.11.0.2/woofunnels/includes/class-bwf-data-tags.php#L52", "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-marketing-automations/tags/3.6.3/woofunnels/includes/class-bwf-data-tags.php#L52", "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bc0983d7-6c7e-41cb-8997-578d362d9c9f?source=cve", "source": "security@wordfence.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security@wordfence.com", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Multiple FunnelKit plugins are vulnerable to Sensitive Information Exposure via the wf_get_cookie shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including authentication cookies of other site users, which may make privilege escalation possible.\r\n\r\nPlease note both FunnelKit \u2013 Funnel Builder for WooCommerce Checkout AND FunnelKit Automations \u2013 Email Marketing Automation and CRM for WordPress & WooCommerce are affected by this."}, {"lang": "es", "value": "Varios complementos de FunnelKit son vulnerables a la exposici\u00f3n de informaci\u00f3n confidencial a trav\u00e9s del shortcode wf_get_cookie. Esto permite que atacantes autenticados, con acceso de colaborador o superior, extraigan datos confidenciales, incluyendo cookies de autenticaci\u00f3n de otros usuarios del sitio, lo que podr\u00eda permitir la escalada de privilegios. Tenga en cuenta que tanto FunnelKit (Funnel Builder para WooCommerce Checkout) como FunnelKit Automations (Automatizaci\u00f3n de email marketing y CRM para WordPress y WooCommerce) se ven afectados por esto."}], "lastModified": "2025-08-19T13:42:47.510", "sourceIdentifier": "security@wordfence.com"}