What the vulnerability does
Description
Unauthenticated Sensitive Data Exposure in Kit (formerly ConvertKit) for WooCommerce <= 2.1.5 versions.
CVSS base score
5.3
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Explanation of Vulnerability in Simple Terms
Kit for WooCommerce versions up to 2.1.5 expose sensitive information through an information disclosure vulnerability. An attacker on the network can read non-public data without authentication or user interaction. The vulnerability has a CVSS score of 5.3, indicating moderate risk to site confidentiality. Site administrators should update to a version newer than 2.1.5 when available.
What an attacker can do
Read sensitive non-public information from the site without logging in.
Potential impact on your site
Customer or internal data may be exposed to unauthenticated attackers over the network.
Conditions required to exploit
Network access only; no authentication or user interaction required.