Medium severity5.3NVD Advisory· Published Oct 29, 2025· Updated Apr 15, 2026

CVE-2023-7320

Description

The WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.8.2, due to improper CORS handling on the Store API's REST endpoints allowing direct external access from any origin. This can allow unauthenticated attackers to extract sensitive user information including PII(Personal Identifiable Information).

Affected products

WordPress/WooCommerceinferred
Range: <=7.8.2
Package: https://wordpress.org/plugins/woocommerce

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

plugins.trac.wordpress.org/changesetnvd
wpscan.com/vulnerability/d1cec296-b5df-4cea-8c0d-d03a975cb6afnvd
www.wordfence.com/threat-intel/vulnerabilities/id/7b2d1879-c337-41c9-9f47-f9c2fe8e5928nvd

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000