Vulnerability Description
The WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.8.2, due to improper CORS handling on the Store API's REST endpoints allowing direct external access from any origin. This can allow unauthenticated attackers to extract sensitive user information including PII(Personal Identifiable Information).
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new
- https://wpscan.com/vulnerability/d1cec296-b5df-4cea-8c0d-d03a975cb6af
- https://www.wordfence.com/threat-intel/vulnerabilities/id/7b2d1879-c337-41c9-9f4
FAQ
What is CVE-2023-7320?
CVE-2023-7320 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.8.2, due to improper CORS handling on the Store API's REST endpoints allowing d...
How severe is CVE-2023-7320?
CVE-2023-7320 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-7320?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.