FunnelKit Automations WordPress Plugin Sensitive Information Exposure Vulnerability

Vulnerability

A sensitive information exposure vulnerability exists in the FunnelKit Automations WordPress plugin in versions through 3.6.4.1. The plugin's '/wc-coupons/' REST API endpoint is publicly accessible and lacks proper authentication and capability checks, so unauthenticated attackers can retrieve sensitive data, including WooCommerce coupon codes, IDs, and expiration statuses.

Impact

Exploitation of this vulnerability allows unauthenticated users to access sensitive WooCommerce coupon information, including codes, IDs, and expiration statuses.

Remediation

Users can update to FunnelKit Automations version 3.6.4.2 or a newer patched version to address this vulnerability.
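
To check whether the '/wc-coupons/' endpoint was queried before the update, the web server access log can be searched for requests to that route. The Python script below is an added example, not code from the plugin or from this advisory. It assumes Combined Log Format and the two standard WordPress REST URL forms ('/wp-json/...' and '?rest_route=...'); the sample log lines are constructed and 'example-ns/v1' is a placeholder namespace.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs, unquote

# Combined Log Format: ip - user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def rest_route(target):
    """Return the REST route a request target addresses, or None."""
    parts = urlsplit(target)
    path = unquote(parts.path)
    if "/wp-json/" in path:                          # pretty-permalink form
        return "/" + path.split("/wp-json/", 1)[1]
    route = parse_qs(parts.query).get("rest_route")  # plain-permalink form
    return route[0] if route else None

def coupon_endpoint_hits(lines):
    """Map client IP -> list of (method, status) for '/wc-coupons/' requests."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a Combined Log Format line
        ip, method, target, status = m.groups()
        route = rest_route(target)
        # Match the route segment exactly, so a site search for the
        # string "wc-coupons" is not counted as an endpoint request.
        if route and "wc-coupons" in [s.lower() for s in route.split("/")]:
            hits[ip].append((method, int(status)))
    return dict(hits)

def exposed_clients(hits):
    """IPs that received at least one 2xx response from the endpoint."""
    return sorted(ip for ip, reqs in hits.items()
                  if any(200 <= status < 300 for _, status in reqs))

# Constructed sample lines; 'example-ns/v1' is a placeholder namespace.
SAMPLE_LOG = [
    '203.0.113.7 - - [05/Nov/2025:09:01:02 +0000] "GET /wp-json/example-ns/v1/wc-coupons/ HTTP/1.1" 200 512 "-" "curl/8.0"',
    '203.0.113.7 - - [05/Nov/2025:09:01:03 +0000] "GET /?rest_route=%2Fexample-ns%2Fv1%2Fwc-coupons%2F HTTP/1.1" 200 498 "-" "curl/8.0"',
    '198.51.100.9 - - [05/Nov/2025:09:05:00 +0000] "GET /wp-json/example-ns/v1/wc-coupons/ HTTP/1.1" 401 90 "-" "Mozilla/5.0"',
    '192.0.2.4 - - [05/Nov/2025:09:06:00 +0000] "GET /shop/?s=wc-coupons HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    hits = coupon_endpoint_hits(SAMPLE_LOG)
    for ip in exposed_clients(hits):
        print(ip, hits[ip])
```

Access logs do not show whether a request carried a valid admin session, so 2xx hits from addresses that do not belong to shop administrators are the ones to review, and coupons returned to them should be treated as disclosed.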

Added: Nov 5, 2025, 10:22 AM
Updated: Nov 5, 2025, 10:22 AM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 2.5
exploitability: 9.0
remediation: 7.7
relevance: 0.9
threat: 3.2
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.