CVE-2025-7654
BaseFortify
Publication date: 2025-08-19
Last updated on: 2025-08-19
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| funnelkit | wp_marketing_automations | * |
| funnelkit | funnel_builder | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in multiple FunnelKit plugins where the shortcode wf_get_cookie allows authenticated users with Contributor-level access or higher to retrieve sensitive information, including authentication cookies of other users. This exposure happens because the shortcode can extract cookie data or URL parameters without proper restrictions, enabling attackers to access sensitive session data of other site users. [1, 2]
How can this vulnerability impact me? :
An attacker with Contributor-level access or above can exploit this vulnerability to obtain authentication cookies of other users, potentially allowing them to escalate privileges and gain unauthorized access to higher-level accounts or sensitive areas of the site. This can lead to full site compromise, data theft, or unauthorized actions performed under other users' identities.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence and usage of the vulnerable shortcodes [wf_get_cookie] in WordPress content or posts, which expose sensitive cookie data. You can search your WordPress database or content files for the shortcode usage. Additionally, monitoring HTTP requests for attempts to exploit the wf_get_cookie shortcode by looking for URL parameters or POST data containing wf_get_cookie or related keys may help detect exploitation attempts. For example, you can use the following commands on your server: 1) Search WordPress content for the shortcode: grep -r '\[wf_get_cookie' /path/to/wordpress/wp-content/uploads/ 2) Search database posts table for shortcode usage (using MySQL): SELECT ID, post_content FROM wp_posts WHERE post_content LIKE '%[wf_get_cookie%'; 3) Monitor web server logs for suspicious requests containing wf_get_cookie or cookie keys: grep 'wf_get_cookie' /var/log/apache2/access.log or /var/log/nginx/access.log 4) Use network monitoring tools (e.g., tcpdump or Wireshark) to capture HTTP requests with suspicious query parameters related to cookie keys. These steps help identify if the vulnerable shortcode is present and if exploitation attempts are occurring. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include: 1) Update the affected FunnelKit plugins (Funnel Builder for WooCommerce Checkout and FunnelKit Automations) to the latest patched versions that fix the vulnerability. 2) Restrict access to the WordPress site so that only trusted users have Contributor-level access or higher, as the vulnerability requires authenticated users with at least Contributor privileges. 3) Remove or disable the usage of the wf_get_cookie shortcode in WordPress content until a patch is applied. 4) Monitor user roles and permissions to ensure no unauthorized privilege escalation. 5) Consider temporarily disabling the vulnerable plugins if patching is not immediately possible. These steps reduce the risk of sensitive cookie data exposure and privilege escalation.