CVE-2026-32372 MEDIUM

CVE-2026-32372: WordPress ShopBuilder – Elementor WooCommerce Builder Addons plugin <= 3.2.4 - Sensitive Data Exposure vulnerability

Vendor Radiustheme
Product ShopBuilder – Elementor WooCommerce Builder Addons
Weakness CWE-497
Published March 13, 2026
Last update April 29, 2026

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons shopbuilder allows Retrieve Embedded Sensitive Data.This issue affects ShopBuilder – Elementor WooCommerce Builder Addons: from n/a through <= 3.2.4.

Explanation of Vulnerability in Simple Terms

02Summary

ShopBuilder for Elementor contains a flaw that exposes sensitive information to unauthenticated attackers over the network. The vulnerability requires no user interaction and affects all versions up to 3.2.4. An attacker can read non-public data without authentication, though they cannot modify site content or disrupt service.

What an attacker can do

03Attacker Capabilities

Read sensitive information from the site without logging in.

Potential impact on your site

04Site Impact

Confidential data may be exposed to anyone on the internet; update the plugin immediately.

Conditions required to exploit

05Prerequisites

Network access only; no authentication or user interaction required.

Key dates

06Disclosure timeline

March 13, 2026 CVE published
April 29, 2026 Record updated

Related vulnerabilities

08Related CVE