CVE-2025-58598 MEDIUM

CVE-2025-58598: WordPress Klarna Order Management for WooCommerce Plugin <= 1.9.8 - Sensitive Data Exposure Vulnerability

Vendor Klarna
Product Klarna Order Management for WooCommerce
Weakness CWE-215
Published September 3, 2025
Last update May 13, 2026

CVSS base score

6.6/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N

What the vulnerability does

01 Description

An Insertion of Sensitive Information Into Debugging Code vulnerability in Klarna's Klarna Order Management for WooCommerce plugin (klarna-order-management-for-woocommerce) allows retrieval of embedded sensitive data. This issue affects Klarna Order Management for WooCommerce versions up to and including 1.9.8.

Explanation of Vulnerability in Simple Terms

02 Summary

Klarna Order Management for WooCommerce versions up to 1.9.8 contain an information disclosure vulnerability. An authenticated administrator with high privileges can access sensitive data beyond their intended scope due to improper access controls. The vulnerability requires network access and high-level administrative credentials to exploit. Confidentiality impact is high; integrity impact is low.

What an attacker can do

03 Attacker Capabilities

Read sensitive information beyond the attacker's authorized scope.

Potential impact on your site

04 Site Impact

A malicious admin or compromised admin account can access confidential order or payment data.

Conditions required to exploit

05 Prerequisites

Attacker must have high-level administrative credentials on the WooCommerce site.

Key dates

06 Disclosure timeline

September 3, 2025 CVE published
May 13, 2026 Record updated