๐Ÿ” CVE Alert

CVE-2026-11568

UNKNOWN 0.0

Product Configurator for WooCommerce < 1.7.3 - Unauthenticated Private/Draft Product Data Disclosure via pc_get_data

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

The Product Configurator for WooCommerce WordPress plugin before 1.7.3 does not perform any authorisation or post-status check before returning WooCommerce product data through a public AJAX action, allowing unauthenticated users to retrieve the data (title, price, weight, stock status, and configurator option pricing/SKUs) of private and draft, non-public products by supplying the product ID. WordPress post-visibility controls are bypassed.

Vendor unknown
Product product configurator for woocommerce
Published Jul 1, 2026
Stay Ahead of the Next One

Get instant alerts for unknown product configurator for woocommerce

Be the first to know when new unknown vulnerabilities affecting unknown product configurator for woocommerce are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Unknown / Product Configurator for WooCommerce
0 < 1.7.3

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
wpscan.com: https://wpscan.com/vulnerability/e208fee5-dad5-4aeb-b9b5-fbd72a5633e4/

Credits

Ahmed Hashim Ismael WPScan