cleantalk
Vulnerabilities and Security Researches

Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit, CVE-2025-7654

CVE, Research URL

CVE-2025-7654

Home page URL

Security reports for Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit

Application

Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit

Published on
Aug 19, 2025
Research Description
Multiple FunnelKit plugins are vulnerable to Sensitive Information Exposure via the wf_get_cookie shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including authentication cookies of other site users, which may make privilege escalation possible. Please note both FunnelKit – Funnel Builder for WooCommerce Checkout AND FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce are affected by this.
Affected versions
Min -, max 3.6.4.
Status
vulnerable
Previous vulnerability researches
Flexible Map (CVE-2025-8622) , Aug 20, 2025
New vulnerability
PHP Compatibility Checker , Aug 21, 2025
Infility Global (CVE-2025-47650) , Aug 21, 2025
Contact Manager (CVE-2025-8783) , Aug 21, 2025
Custom Comment (CVE-2025-49889) , Aug 20, 2025
Awesome Support – WordPress HelpDesk & Support Plugin (CVE-2025-53340) , Aug 20, 2025