CVE-2025-7654 Multiple Plugins By FunnelKit <= (Various Versions) - Authenticated (Contributor+) Sensitive Information Exposure to Privilege Escalation via Woofunnel Library

🗓️ 19 Aug 2025 07:26:27Reported by WordfenceType

FunnelKit plugins leak cookies via wf_get_cookie; Contributor+ can exfiltrate and escalate.

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2025-7654	19 Aug 202508:06	–	circl
CNNVD	wordpress plugin FunnelKit – Funnel Builder for WooCommerce Checkout和wordpress plugin FunnelKit Automations 信息泄露漏洞	19 Aug 202500:00	–	cnnvd
CVE	CVE-2025-7654	19 Aug 202507:26	–	cve
EUVD	EUVD-2025-25167	3 Oct 202520:07	–	euvd
NVD	CVE-2025-7654	19 Aug 202508:15	–	nvd
Patchstack	WordPress FunnelKit Automations plugin <= 3.6.3 - Privilege Escalation vulnerability	18 Aug 202521:48	–	patchstack
Patchstack	WordPress FunnelKit plugin <= 3.11.0.2 - Privilege Escalation vulnerability	18 Aug 202521:48	–	patchstack
Positive Technologies	PT-2025-33711 · WordPress · Funnelkit – Funnel Builder For Woocommerce Checkout +1	19 Aug 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-7654	21 Aug 202507:36	–	redhatcve
Vulnrichment	CVE-2025-7654 Multiple Plugins By FunnelKit <= (Various Versions) - Authenticated (Contributor+) Sensitive Information Exposure to Privilege Escalation via Woofunnel Library	19 Aug 202507:26	–	vulnrichment

[
  {
    "vendor": "amans2k",
    "product": "FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "3.6.3",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "amans2k",
    "product": "FunnelKit – Funnel Builder for WooCommerce Checkout",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "3.11.0.2",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/bc0983d7-6c7e-41cb-8997-578d362d9c9f
plugins	www.plugins.trac.wordpress.org/browser/wp-marketing-automations/tags/3.6.3/woofunnels/includes/class-bwf-data-tags.php
plugins	www.plugins.trac.wordpress.org/browser/funnel-builder/tags/3.11.0.2/woofunnels/includes/class-bwf-data-tags.php

08 Apr 2026 17:18Current

CVSS 3.18.8

EPSS0.00111

CWE-200