Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
PR:L reflects subscriber-role authentication prerequisite; C:H reflects full read access to other users' sensitive order and personal data; I:N and A:N because exploitation yields read-only data exposure with no write or availability impact.
Primary rating from Vendor (Patchstack).
CVSS VectorVendor: Patchstack
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
Subscriber Sensitive Data Exposure in WPPizza <= 3.19.9 versions.
AnalysisAI
Sensitive subscriber data exposure in the WPPizza WordPress plugin (versions ≤ 3.19.9) permits any authenticated user with a subscriber-level account to access protected data belonging to other users, such as customer order records or personal information managed by the plugin. The vulnerability stems from insufficient access control enforcement on data retrieval functionality (CWE-497), where low-privilege users are permitted to query sensitive system information outside their authorization scope. No public exploit code or confirmed active exploitation has been identified at time of analysis, though the low access complexity makes opportunistic exploitation realistic on sites permitting public user registration.
Technical ContextAI
WPPizza is a WordPress food ordering plugin developed by ollybach (CPE: cpe:2.3:a:ollybach:wppizza:*:*:*:*:*:*:*:*) that manages customer orders, menu items, and subscriber data within the WordPress ecosystem. CWE-497 (Exposure of Sensitive System Information to an Unauthorized Control Sphere) identifies the root cause as a failure to restrict access to privileged data from insufficiently privileged callers. In WordPress plugins, this class of flaw typically manifests as missing or improperly enforced capability checks on AJAX action handlers, REST API endpoints, or shortcode callbacks - allowing any authenticated user (even the lowest 'subscriber' role) to trigger data-retrieval operations that should be restricted to administrators or the data owner. The plugin's typical data scope includes customer names, addresses, phone numbers, and order histories, making this category of exposure particularly sensitive under data protection frameworks.
RemediationAI
The primary remediation is to update WPPizza to a version beyond 3.19.9 as soon as a patched release is published; no exact fixed version number is confirmed in the available intelligence, so administrators should monitor the official WordPress plugin repository and the Patchstack advisory at https://patchstack.com/database/wordpress/plugin/wppizza/vulnerability/wordpress-wppizza-plugin-3-19-9-sensitive-data-exposure-vulnerability for patch confirmation. As an immediate compensating control, disable public user registration on the WordPress site (wp-admin → Settings → General → uncheck 'Anyone can register') to eliminate the low-privilege account acquisition path required for exploitation - this is highly effective but prevents legitimate subscriber self-registration, which may be a business-critical feature for ordering workflows. If open registration must remain enabled, deploy a web application firewall rule to restrict access to WPPizza-specific AJAX endpoints (typically filtered by 'action=wppizza_*' in POST bodies to wp-admin/admin-ajax.php) to authenticated users whose roles match expected customer roles only. Audit existing subscriber accounts for unauthorized access if the plugin has been internet-exposed in its vulnerable state.
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ollybach WP
Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low at
Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low at
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-36806
GHSA-vmh5-x928-7v6f