CVE-2023-7320
WooCommerce <= 7.8.2 - Sensitive Information Exposure
| CVSS Score | 5.3 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
The WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.8.2, due to improper CORS handling on the Store API's REST endpoints, which allows direct external access from any origin. This can allow unauthenticated attackers to extract sensitive user information, including PII (Personally Identifiable Information).
| CWE | CWE-200 |
| Vendor | automattic |
| Product | woocommerce |
| Published | Oct 29, 2025 |
| Last Updated | Apr 8, 2026 |
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity | None |
| Availability | None |
Affected Versions
automattic / WooCommerce
0 ≤ 7.8.2
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/7b2d1879-c337-41c9-9f47-f9c2fe8e5928?source=cve
wpscan.com: https://wpscan.com/vulnerability/d1cec296-b5df-4cea-8c0d-d03a975cb6af
plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2939652@woocommerce/trunk&old=2933569@woocommerce/trunk&sfp_email=&sfph_mail=
Credits
osama-hamad