Description
Multiple FunnelKit plugins are vulnerable to Sensitive Information Exposure via the wf_get_cookie shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including authentication cookies of other site users, which may make privilege escalation possible.

Please note both FunnelKit – Funnel Builder for WooCommerce Checkout AND FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce are affected by this.
Published: 2025-08-19
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege escalation through sensitive cookie exposure
Action: Apply Patch
AI Analysis

Impact

The vulnerability arises from the wf_get_cookie shortcode present in multiple FunnelKit plugins. When an authenticated user with Contributor-level access or higher executes the shortcode, the plugin exposes authentication cookies belonging to other site users. This sensitive data exposure allows the attacker to obtain credentials for other accounts, potentially leading to privilege escalation. The flaw is classified as CWE‑200, Sensitive Data Exposure.

Affected Systems

Affected products are FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce and FunnelKit – Funnel Builder for WooCommerce Checkout. No specific affected version ranges are provided in the available data.

Risk and Exploitability

The CVSS score of 8.8 indicates high severity. EPSS is <1%, implying that the probability of exploitation at present is low, and the vulnerability is not currently listed in the CISA KEV catalog. The attack requires a local authenticated context; the attacker must already have Contributor-level access to the WordPress site. Once the shortcode is used, the attacker can retrieve other users’ authentication cookies. If those cookies are valid or can be replayed, the attacker could access privileged areas of the site, effectively escalating privileges.

Generated by OpenCVE AI on April 20, 2026 at 19:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a patched version of FunnelKit plugins
  • Remove or disable the wf_get_cookie shortcode
  • Restrict Contributor role or above to trusted users

Generated by OpenCVE AI on April 20, 2026 at 19:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-25167 Multiple FunnelKit plugins are vulnerable to Sensitive Information Exposure via the wf_get_cookie shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including authentication cookies of other site users, which may make privilege escalation possible. Please note both FunnelKit – Funnel Builder for WooCommerce Checkout AND FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce are affected by this.
History

Tue, 19 Aug 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 19 Aug 2025 07:45:00 +0000

Type Values Removed Values Added
Description Multiple FunnelKit plugins are vulnerable to Sensitive Information Exposure via the wf_get_cookie shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including authentication cookies of other site users, which may make privilege escalation possible. Please note both FunnelKit – Funnel Builder for WooCommerce Checkout AND FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce are affected by this.
Title Multiple Plugins By FunnelKit <= (Various Versions) - Authenticated (Contributor+) Sensitive Information Exposure to Privilege Escalation via Woofunnel Library
Weaknesses CWE-200
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T17:18:37.804Z

Reserved: 2025-07-14T17:44:54.928Z

Link: CVE-2025-7654

cve-icon Vulnrichment

Updated: 2025-08-19T13:52:02.412Z

cve-icon NVD

Status : Deferred

Published: 2025-08-19T08:15:29.333

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-7654

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-20T20:00:10Z

Weaknesses