{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-7654", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-07-14T17:44:54.928Z", "datePublished": "2025-08-19T07:26:27.589Z", "dateUpdated": "2026-04-08T17:18:37.804Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:18:37.804Z"}, "affected": [{"vendor": "amans2k", "product": "FunnelKit Automations \u2013 Email Marketing Automation and CRM for WordPress & WooCommerce", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.6.3", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "amans2k", "product": "FunnelKit \u2013 Funnel Builder for WooCommerce Checkout", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.11.0.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Multiple FunnelKit plugins are vulnerable to Sensitive Information Exposure via the wf_get_cookie shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including authentication cookies of other site users, which may make privilege escalation possible.\r\n\r\nPlease note both FunnelKit \u2013 Funnel Builder for WooCommerce Checkout AND FunnelKit Automations \u2013 Email Marketing Automation and CRM for WordPress & WooCommerce are affected by this."}], "title": "Multiple Plugins By FunnelKit <= (Various Versions) - Authenticated (Contributor+) Sensitive Information Exposure to Privilege Escalation via Woofunnel Library", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bc0983d7-6c7e-41cb-8997-578d362d9c9f?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-marketing-automations/tags/3.6.3/woofunnels/includes/class-bwf-data-tags.php#L52"}, {"url": "https://plugins.trac.wordpress.org/browser/funnel-builder/tags/3.11.0.2/woofunnels/includes/class-bwf-data-tags.php#L52"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "cweId": "CWE-200", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "wesley"}], "timeline": [{"time": "2025-08-11T12:24:38.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-08-18T18:57:21.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-19T13:51:58.857457Z", "id": "CVE-2025-7654", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-19T13:52:06.610Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-7654", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-08-19T13:51:58.857457Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-19T13:52:02.412Z"}}], "cna": {"title": "Multiple Plugins By FunnelKit <= (Various Versions) - Authenticated (Contributor+) Sensitive Information Exposure to Privilege Escalation via Woofunnel Library", "credits": [{"lang": "en", "type": "finder", "value": "wesley"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "amans2k", "product": "FunnelKit Automations \u2013 Email Marketing Automation and CRM for WordPress & WooCommerce", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "3.6.3"}], "defaultStatus": "unaffected"}, {"vendor": "amans2k", "product": "FunnelKit \u2013 Funnel Builder for WooCommerce Checkout", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "3.11.0.2"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-08-11T12:24:38.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-08-18T18:57:21.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bc0983d7-6c7e-41cb-8997-578d362d9c9f?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-marketing-automations/tags/3.6.3/woofunnels/includes/class-bwf-data-tags.php#L52"}, {"url": "https://plugins.trac.wordpress.org/browser/funnel-builder/tags/3.11.0.2/woofunnels/includes/class-bwf-data-tags.php#L52"}], "descriptions": [{"lang": "en", "value": "Multiple FunnelKit plugins are vulnerable to Sensitive Information Exposure via the wf_get_cookie shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including authentication cookies of other site users, which may make privilege escalation possible.\r\n\r\nPlease note both FunnelKit \u2013 Funnel Builder for WooCommerce Checkout AND FunnelKit Automations \u2013 Email Marketing Automation and CRM for WordPress & WooCommerce are affected by this."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:18:37.804Z"}}}, "cveMetadata": {"cveId": "CVE-2025-7654", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:18:37.804Z", "dateReserved": "2025-07-14T17:44:54.928Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-08-19T07:26:27.589Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple FunnelKit plugins are vulnerable to Sensitive Information Exposure via the wf_get_cookie shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including authentication cookies of other site users, which may make privilege escalation possible.\r\n\r\nPlease note both FunnelKit \u2013 Funnel Builder for WooCommerce Checkout AND FunnelKit Automations \u2013 Email Marketing Automation and CRM for WordPress & WooCommerce are affected by this."}, {"lang": "es", "value": "Varios complementos de FunnelKit son vulnerables a la exposici\u00f3n de informaci\u00f3n confidencial a trav\u00e9s del shortcode wf_get_cookie. Esto permite que atacantes autenticados, con acceso de colaborador o superior, extraigan datos confidenciales, incluyendo cookies de autenticaci\u00f3n de otros usuarios del sitio, lo que podr\u00eda permitir la escalada de privilegios. Tenga en cuenta que tanto FunnelKit (Funnel Builder para WooCommerce Checkout) como FunnelKit Automations (Automatizaci\u00f3n de email marketing y CRM para WordPress y WooCommerce) se ven afectados por esto."}], "id": "CVE-2025-7654", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-08-19T08:15:29.333", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/funnel-builder/tags/3.11.0.2/woofunnels/includes/class-bwf-data-tags.php#L52"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/wp-marketing-automations/tags/3.6.3/woofunnels/includes/class-bwf-data-tags.php#L52"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bc0983d7-6c7e-41cb-8997-578d362d9c9f?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T19:52:41.752808+00:00", "value": {"mitigation_remediation": ["Upgrade to a patched version of FunnelKit plugins", "Remove or disable the wf_get_cookie shortcode", "Restrict Contributor role or above to trusted users"], "summary": {"action": "Apply Patch", "impact": "Privilege escalation through sensitive cookie exposure"}, "threat_synthesis": {"affected_systems": "Affected products are FunnelKit Automations \u2013 Email Marketing Automation and CRM for WordPress & WooCommerce and FunnelKit \u2013 Funnel Builder for WooCommerce Checkout. No specific affected version ranges are provided in the available data.", "description_and_impact": "The vulnerability arises from the wf_get_cookie shortcode present in multiple FunnelKit plugins. When an authenticated user with Contributor-level access or higher executes the shortcode, the plugin exposes authentication cookies belonging to other site users. This sensitive data exposure allows the attacker to obtain credentials for other accounts, potentially leading to privilege escalation. The flaw is classified as CWE\u2011200, Sensitive Data Exposure.", "risk_and_exploitability": "The CVSS score of 8.8 indicates high severity. EPSS is <1%, implying that the probability of exploitation at present is low, and the vulnerability is not currently listed in the CISA KEV catalog. The attack requires a local authenticated context; the attacker must already have Contributor-level access to the WordPress site. Once the shortcode is used, the attacker can retrieve other users\u2019 authentication cookies. If those cookies are valid or can be replayed, the attacker could access privileged areas of the site, effectively escalating privileges."}}}}, "created": "2026-04-20T20:00:10.519542+00:00", "updated": "2026-04-20T20:00:10.519560+00:00", "vendors": []}