CVE-2023-7320

The CVE affects the WordPress WooCommerce plugin; versions up to 7.8.2 expose store API REST endpoints due to improper CORS handling, enabling unauthenticated access to sensitive user data (PII) from any origin. This vulnerability is caused by misconfigured Cross-Origin Resource Sharing on the St...

CVE-2023-7320 WooCommerce <= 7.8.2 - Sensitive Information Exposure

The WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.8.2, due to improper CORS handling on the Store API's REST endpoints allowing direct external access from any origin. This can allow unauthenticated attackers to extract...