What the vulnerability does
01Description
Insertion of Sensitive Information Into Debugging Code vulnerability in Klarna Klarna Order Management for WooCommerce klarna-order-management-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Klarna Order Management for WooCommerce: from n/a through <= 1.9.8.
Explanation of Vulnerability in Simple Terms
02Summary
Klarna Order Management for WooCommerce versions up to 1.9.8 contain an information disclosure vulnerability. An authenticated administrator with high privileges can access sensitive data beyond their intended scope due to improper access controls. The vulnerability requires network access and high-level administrative credentials to exploit. Confidentiality impact is high; integrity impact is low.
What an attacker can do
03Attacker Capabilities
Read sensitive information beyond the attacker's authorized scope.
Potential impact on your site
04Site Impact
A malicious admin or compromised admin account can access confidential order or payment data.
Conditions required to exploit
05Prerequisites
Attacker must have high-level administrative credentials on the WooCommerce site.
Key dates
06Disclosure timeline
September 3, 2025
CVE published
May 13, 2026
Record updated