Skip to main content

Kit Formerly Convertkit For Woocommerce

1 CVEs product

Monthly

CVE-2026-57753 MEDIUM This Month

Unauthenticated sensitive data exposure in the Kit (formerly ConvertKit) for WooCommerce WordPress plugin versions 2.1.5 and below allows remote unauthenticated attackers to access sensitive information without any credentials or user interaction. The vulnerability is classified under CWE-497, indicating the plugin inadvertently surfaces system or application-level sensitive data to an unauthorized control sphere - likely including API keys, subscriber data, or configuration secrets tied to the Kit email marketing integration. No public exploit has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

WordPress Information Disclosure Kit Formerly Convertkit For Woocommerce
NVD
CVSS 3.1
5.3
EPSS
0.2%
EPSS 0% CVSS 5.3
MEDIUM This Month

Unauthenticated sensitive data exposure in the Kit (formerly ConvertKit) for WooCommerce WordPress plugin versions 2.1.5 and below allows remote unauthenticated attackers to access sensitive information without any credentials or user interaction. The vulnerability is classified under CWE-497, indicating the plugin inadvertently surfaces system or application-level sensitive data to an unauthorized control sphere - likely including API keys, subscriber data, or configuration secrets tied to the Kit email marketing integration. No public exploit has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

WordPress Information Disclosure Kit Formerly Convertkit For Woocommerce
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy