CVE-2026-11568
Product Configurator for WooCommerce < 1.7.3 - Unauthenticated Private/Draft Product Data Disclosure via pc_get_data
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
The Product Configurator for WooCommerce WordPress plugin before 1.7.3 does not perform any authorisation or post-status check before returning WooCommerce product data through a public AJAX action, allowing unauthenticated users to retrieve the data (title, price, weight, stock status, and configurator option pricing/SKUs) of private and draft, non-public products by supplying the product ID. WordPress post-visibility controls are bypassed.
| Vendor | unknown |
| Product | product configurator for woocommerce |
| Published | Jul 1, 2026 |
Stay Ahead of the Next One
Get instant alerts for unknown product configurator for woocommerce
Be the first to know when new unknown vulnerabilities affecting unknown product configurator for woocommerce are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Unknown / Product Configurator for WooCommerce
0 < 1.7.3
References
Credits
Ahmed Hashim Ismael WPScan