What the vulnerability does
01Description
Customer Path Traversal in Tax Exempt for WooCommerce <= 1.9.3 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
What the vulnerability does
Customer Path Traversal in Tax Exempt for WooCommerce <= 1.9.3 versions.
Explanation of Vulnerability in Simple Terms
Tax Exempt for WooCommerce versions up to 1.9.3 contain an information disclosure vulnerability. An authenticated attacker with low privileges can read sensitive data they should not have access to. The vulnerability requires network access but no user interaction. Update to a version newer than 1.9.3 to remediate.
What an attacker can do
Read sensitive data (such as customer information or tax settings) without authorization.
Potential impact on your site
Customer data or tax configuration details may be exposed to authenticated users with limited permissions.
Conditions required to exploit
Attacker must have a low-privilege WooCommerce account; network access required.
Key dates
External resources
Related vulnerabilities