CVE-2023-7320Sensitive Information Exposure in Woocommerce

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
5.3MEDIUMNVD
EPSS
0.0%
top 85.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Automattic Woocommerce
Timeline
PublishedOct 29

Description

The WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.8.2, due to improper CORS handling on the Store API's REST endpoints allowing direct external access from any origin. This can allow unauthenticated attackers to extract sensitive user information including PII(Personal Identifiable Information).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

CVEListV5automattic/woocommerce7.8.2

🔴Vulnerability Details

2
GHSA
GHSA-26xv-gjx4-vj92: The WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 72025-10-29
CVEList
WooCommerce <= 7.8.2 - Sensitive Information Exposure2025-10-29
CVE-2023-7320 — Sensitive Information Exposure | cvebase