Signature Add On For Woocommerce
Monthly
Unauthenticated sensitive data exposure in the Signature Add-On for WooCommerce WordPress plugin versions 2.0 and earlier allows remote attackers to retrieve protected information without credentials over the network. Reported by Patchstack and tracked as CWE-497 (Exposure of Sensitive System Information to an Unauthorized Control Sphere), the issue carries a CVSS 7.5 score driven entirely by confidentiality impact. At time of analysis there is no public exploit identified and no CISA KEV listing, but the trivial attack complexity makes opportunistic scanning plausible.
Unauthenticated sensitive data exposure in the Signature Add-On for WooCommerce WordPress plugin versions 2.0 and earlier allows remote attackers to retrieve protected information without credentials over the network. Reported by Patchstack and tracked as CWE-497 (Exposure of Sensitive System Information to an Unauthorized Control Sphere), the issue carries a CVSS 7.5 score driven entirely by confidentiality impact. At time of analysis there is no public exploit identified and no CISA KEV listing, but the trivial attack complexity makes opportunistic scanning plausible.