WordPress WooCommerce Admin plugin <= 2.6.3 - Analytics Report Leaks vulnerability

woocommerce-admin

Software
WooCommerce Admin
Vulnerable Versions
<= 2.6.3
Fixed in version
2.6.4
CVE
CVE-N/A
Credits
Classification
Information Disclosure
OWASP Top 10
A3: Sensitive Data Exposure
Disclosure Date
2021-09-22
CVSS 3.0 score

3.7

Low

Requires specific hosting configuration.

Are your websites subject to this vulnerability?

Details

Analytics Report Leaks vulnerability discovered in WordPress WooCommerce Admin plugin (versions <= 2.6.3).

Solution

Update the WordPress WooCommerce Admin plugin to the latest available version (at least 2.6.4). Other patched versions of WooCommerce Admin: 1.0.4, 1.1.4, 1.2.5, 1.3.3, 1.4.1, 1.5.1, 1.6.4, 1.7.4, 1.8.4, 1.9.1, 2.0.4, 2.1.6, 2.2.7, 2.3.2, 2.4.5, 2.5.2, 2.6.4 (and patched versions of WooCommerce: 4.0.3, 4.1.3, 4.2.4, 4.3.5, 4.4.3, 4.5.4, 4.6.4, 4.7.3, 4.8.2, 4.9.4, 5.0.2, 5.1.2, 5.2.4, 5.3.2, 5.4.3, 5.5.3, 5.6.1, 5.7.0).

Found a vulnerability that puts your sites at risk?

Found a vulnerability? Help us secure the web and join our community of ethical hackers.

Are you the developer of this software? Hire our researchers for a thorough security audit.