FunnelKit Plugins Sensitive Information Exposure Vulnerability Allowing Privilege Escalation

Vulnerability

A sensitive information exposure vulnerability has been identified in multiple FunnelKit plugins, including FunnelKit - Funnel Builder for WooCommerce Checkout (all versions through 3.11.0.2) and FunnelKit Automations - Email Marketing Automation and CRM for WordPress & WooCommerce (all versions through 3.6.3). The vulnerability arises from the wf_get_cookie shortcode, which authenticated attackers with Contributor-level access and above can use to extract sensitive data such as the authentication cookies of other users. This could potentially lead to privilege escalation.

Impact

Exploitation of this vulnerability could allow an authenticated attacker with Contributor-level access or above to read sensitive information, including the authentication cookies of other users, which may facilitate privilege escalation.

Remediation

Users should update FunnelKit - Funnel Builder for WooCommerce Checkout to version 3.11.1 and FunnelKit Automations to version 3.6.4, as applicable to the plugins installed.
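The two checks an administrator would want after reading this advisory are (1) whether an installed copy of either plugin is still below the fixed version and (2) whether any stored post content already contains the wf_get_cookie shortcode and so deserves review. The script below is an added example, not code from FunnelKit or from this advisory. It assumes the plugin's main PHP file carries a standard WordPress plugin header with "Plugin Name:" and "Version:" lines, that the header name contains the substrings "Funnel Builder" or "Automations" (an assumption about the real headers), and that post content is supplied as plain strings (the sample headers and posts are constructed for the example; shortcode attributes shown are placeholders, not the plugin's real ones).

```python
import re
from typing import Iterable, List, Optional, Tuple

# Fixed versions from the advisory: anything older is affected.
# Keys are substrings expected in the plugin header name (assumption).
FIXED_VERSIONS = {
    "Funnel Builder": (3, 11, 1),   # FunnelKit - Funnel Builder for WooCommerce Checkout
    "Automations": (3, 6, 4),       # FunnelKit Automations
}

# Matches the shortcode itself, with or without attributes, e.g. [wf_get_cookie x="y"].
SHORTCODE_RE = re.compile(r"\[wf_get_cookie\b[^\]]*\]")


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '3.11.0.2' into (3, 11, 0, 2); a non-numeric component ends the parse."""
    parts: List[int] = []
    for component in text.strip().split("."):
        m = re.match(r"\d+", component)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def version_lt(a: Tuple[int, ...], b: Tuple[int, ...]) -> bool:
    """Compare two version tuples, treating missing components as 0 ((3,11) == (3,11,0))."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)) < b + (0,) * (n - len(b))


def parse_plugin_header(php_source: str) -> dict:
    """Read 'Plugin Name:' and 'Version:' from a WordPress plugin header comment."""
    header = {}
    for key in ("Plugin Name", "Version"):
        m = re.search(rf"^\s*\*?\s*{key}:\s*(.+?)\s*$", php_source, re.MULTILINE)
        if m:
            header[key] = m.group(1)
    return header


def is_affected(php_source: str) -> Optional[bool]:
    """True if the header names one of the advisory's plugins at a version below the fix,
    False if it is at or above the fix, None if it is not one of those plugins."""
    header = parse_plugin_header(php_source)
    name, version = header.get("Plugin Name"), header.get("Version")
    if name is None or version is None:
        return None
    for needle, fixed in FIXED_VERSIONS.items():
        if needle in name:
            return version_lt(parse_version(version), fixed)
    return None


def find_shortcode_uses(posts: Iterable[Tuple[int, str, str]]) -> List[Tuple[int, str, str]]:
    """posts: (post_id, author, content). Returns every wf_get_cookie occurrence for review."""
    hits = []
    for post_id, author, content in posts:
        for m in SHORTCODE_RE.finditer(content):
            hits.append((post_id, author, m.group()))
    return hits


# Constructed sample plugin headers (not the real plugin files).
FUNNEL_BUILDER_HEADER = """<?php
/**
 * Plugin Name: FunnelKit - Funnel Builder for WooCommerce Checkout
 * Version: 3.11.0.2
 */
"""
AUTOMATIONS_HEADER = """<?php
/**
 * Plugin Name: FunnelKit Automations - Email Marketing Automation and CRM
 * Version: 3.6.4
 */
"""

# Constructed sample posts: one benign, one with the shortcode twice, one with a similar name.
SAMPLE_POSTS = [
    (101, "editor_a", "Welcome to our store. [products limit=4]"),
    (102, "contributor_b", "Hi [wf_get_cookie name=\"placeholder\"] and [wf_get_cookie]"),
    (103, "contributor_c", "[wf_get_cookies_other] is a different shortcode"),
]

if __name__ == "__main__":
    print("Funnel Builder affected:", is_affected(FUNNEL_BUILDER_HEADER))
    print("Automations affected:", is_affected(AUTOMATIONS_HEADER))
    for post_id, author, snippet in find_shortcode_uses(SAMPLE_POSTS):
        print(f"review post {post_id} by {author}: {snippet}")
```

In practice you would feed parse_plugin_header() the main file of each plugin under wp-content/plugins and find_shortcode_uses() the rows of wp_posts (id, author login, post_content); a hit from a Contributor-level author on a plugin still below the fixed version is the condition the advisory describes.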

Added: Aug 19, 2025, 8:20 AM
Updated: Aug 19, 2025, 8:20 AM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 5.0
exploitability: 6.1
remediation: 7.7
relevance: 0.4
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.