Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Remote unauthenticated, low complexity (AV:N/AC:L/PR:N/UI:N), but confidentiality impact is limited to a bounded set of product fields, so C:L not C:H; no integrity or availability impact.
Primary rating from Vendor (WPScan).
CVSS VectorVendor: WPScan
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
5DescriptionCVE.org
The Product Configurator for WooCommerce WordPress plugin before 1.7.3 does not perform any authorisation or post-status check before returning WooCommerce product data through a public AJAX action, allowing unauthenticated users to retrieve the data (title, price, weight, stock status, and configurator option pricing/SKUs) of private and draft, non-public products by supplying the product ID. WordPress post-visibility controls are bypassed.
Articles & Coverage 1
AnalysisAI
Unauthenticated information disclosure in the Product Configurator for WooCommerce WordPress plugin (versions before 1.7.3) exposes sensitive product data through a public AJAX action that skips authorization and post-status checks. By supplying only a product ID, remote unauthenticated users can read titles, prices, weights, stock status, and configurator option pricing/SKUs of private and draft products, bypassing WordPress post-visibility controls. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires only that the vulnerable plugin (before 1.7.3) is installed and active on a WooCommerce store, and that the attacker supplies a product ID to the plugin's public (nopriv) AJAX action - no authentication, user interaction, or non-default configuration is needed, matching AV:N/AC:L/PR:N/UI:N. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, base 7.5) reflects a network-reachable, low-complexity, unauthenticated flaw with confidentiality-only impact and no integrity or availability effect - consistent with an information-disclosure bug rather than code execution. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An unauthenticated attacker scripts requests to the plugin's public AJAX action, iterating product IDs to enumerate products the store intended to keep private or in draft. Because publicly available exploit code exists and the CVSS vector is AV:N/AC:L/PR:N/UI:N (no auth, no user interaction, low complexity), the attacker can harvest unreleased pricing, upcoming SKUs, and stock levels at scale from a competitor's or victim's store with a simple loop. |
| Remediation | Vendor-released patch: 1.7.3 - upgrade the Product Configurator for WooCommerce plugin to version 1.7.3 or later, which is the primary and recommended fix. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify all WordPress sites running Product Configurator for WooCommerce plugin versions prior to 1.7.3. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-40916
GHSA-x525-xmpm-prq9