Medium severity5.3NVD Advisory· Published Dec 27, 2020· Updated Jun 17, 2026
CVE-2020-29156
CVE-2020-29156
Description
The WooCommerce plugin before 4.7.0 for WordPress allows remote attackers to view the status of arbitrary orders via the order_id parameter in a fetch_order_status action.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
woocommerce/woocommercePackagist | < 4.7.0 | 4.7.0 |
Affected products
1Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-wwh8-v3j3-gxfwghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-29156ghsaADVISORY
- raw.githubusercontent.com/woocommerce/woocommerce/master/changelog.txtnvdRelease NotesThird Party AdvisoryWEB
News mentions
0No linked articles in our index yet.