WordPress WooCommerce plugin <= 5.6.0 - Analytics Report Leaks vulnerability

Software: WooCommerce
Vulnerable Versions: <= 5.6.0
Fixed in version: 5.7.0
CVE: CVE-N/A
Credits:
Classification: Information Disclosure
OWASP Top 10: A3: Sensitive Data Exposure
Disclosure Date: 2021-09-22
CVSS 3.0 score: 3.7 (Low)

Requires specific hosting configuration.

Details

An Analytics Report Leaks vulnerability was discovered in the WordPress WooCommerce plugin (versions <= 5.6.0).

Solution

Update the WordPress WooCommerce plugin to the latest available version (at least 5.7.0).

Other patched versions of WooCommerce: 4.0.3, 4.1.3, 4.2.4, 4.3.5, 4.4.3, 4.5.4, 4.6.4, 4.7.3, 4.8.2, 4.9.4, 5.0.2, 5.1.2, 5.2.4, 5.3.2, 5.4.3, 5.5.3, 5.6.1.

Patched versions of WooCommerce Admin: 1.0.4, 1.1.4, 1.2.5, 1.3.3, 1.4.1, 1.5.1, 1.6.4, 1.7.4, 1.8.4, 1.9.1, 2.0.4, 2.1.6, 2.2.7, 2.3.2, 2.4.5, 2.5.2, 2.6.4.
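Because the fix was backported per release branch, a plain "older than 5.7.0" comparison misclassifies sites pinned to a patched point release. The following check is an added example, not code from this advisory or from WooCommerce; the function names and the sample inventory are hypothetical, and it assumes plain dotted version strings with any pre-release suffix ignored.

```python
import re

# Patched point releases per branch (major.minor), copied from the advisory text.
WOOCOMMERCE = ("4.0.3 4.1.3 4.2.4 4.3.5 4.4.3 4.5.4 4.6.4 4.7.3 4.8.2 "
               "4.9.4 5.0.2 5.1.2 5.2.4 5.3.2 5.4.3 5.5.3 5.6.1")
WC_ADMIN = ("1.0.4 1.1.4 1.2.5 1.3.3 1.4.1 1.5.1 1.6.4 1.7.4 1.8.4 "
            "1.9.1 2.0.4 2.1.6 2.2.7 2.3.2 2.4.5 2.5.2 2.6.4")


def parse(version):
    """'5.6.0' -> (5, 6, 0). Suffixes such as '-rc.1' are ignored (assumption)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    return tuple(int(g or 0) for g in m.groups())


def status(version, backports, fixed_from=None):
    """Classify an installed version as 'patched', 'vulnerable' or 'unknown'.

    backports  -- space-separated patched releases, one per branch
    fixed_from -- first release from which every later version is fixed,
                  when the advisory states one (5.7.0 for WooCommerce)
    """
    table = {v[:2]: v for v in map(parse, backports.split())}
    v = parse(version)
    if fixed_from and v >= parse(fixed_from):
        return "patched"
    if v[:2] in table:
        # Same branch as a listed backport: compare the patch level.
        return "patched" if v >= table[v[:2]] else "vulnerable"
    # Branch not listed. With a stated vulnerable range (<= 5.6.0) and no
    # backport, treat it as vulnerable; otherwise the advisory gives no answer.
    return "vulnerable" if fixed_from else "unknown"


if __name__ == "__main__":
    # Constructed inventory for illustration only.
    inventory = [("shop-a", "5.6.0"), ("shop-b", "4.3.5"), ("shop-c", "3.9.0")]
    for site, installed in inventory:
        print(site, installed, status(installed, WOOCOMMERCE, "5.7.0"))
```

WooCommerce Admin is checked with `status(installed, WC_ADMIN)`; branches the advisory does not list come back as `unknown` rather than being guessed.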