CVE-2022-41655: WordPress Phone Orders for WooCommerce plugin <= 3.7.1 - Auth. Sensitive Data Exposure vulnerability - Patchstack
Auth. (subscriber+) Sensitive Data Exposure vulnerability in Phone Orders for WooCommerce plugin <= 3.7.1 on WordPress.
Verified
Fixed
CVSS 3.1 score: 4.3 (Medium severity)
Monitoring: Not reported to be exploited
Vulnerable versions
<= 3.7.1
PSID
021f82d9c204
Classification
Other Vulnerability Type
OWASP Top 10
A3: Sensitive Data Exposure
Required privilege
Requires subscriber or higher role user authentication.
Publicly disclosed
2022-10-24
Details
Auth. Sensitive Data Exposure vulnerability discovered by Lana Codes (Patchstack Alliance) in WordPress Phone Orders for WooCommerce plugin (versions <= 3.7.1).
Solution
Update the WordPress Phone Orders for WooCommerce plugin to the latest available version (at least 3.7.2).
References