First published: Sun Dec 27 2020
The WooCommerce plugin before 4.7.0 for WordPress allows remote attackers to view the status of arbitrary orders via the `order_id` parameter in a `fetch_order_status` action.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| composer/woocommerce/woocommerce | <4.7.0 | 4.7.0 |
| Woocommerce Woocommerce | <4.7.0 | |
CVE-2020-29156 is a vulnerability in the WooCommerce plugin for WordPress that allows remote attackers to view the status of arbitrary orders.
The severity of CVE-2020-29156 is medium with a CVSS score of 5.3.
CVE-2020-29156 allows remote attackers to view the status of orders through the `order_id` parameter in a `fetch_order_status` action.
Yes, WooCommerce plugin version 4.7.0 or later addresses the CVE-2020-29156 vulnerability.
You can find more information about CVE-2020-29156 in the GitHub repository (https://github.com/Ko-kn3t/CVE-2020-29156) and the official WooCommerce changelog (https://raw.githubusercontent.com/woocommerce/woocommerce/master/changelog.txt).
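
One way to look for order-status enumeration in web-server logs, as an added example that is not from the advisory or from WooCommerce: it flags clients that request `fetch_order_status` for many distinct `order_id` values. It assumes both parameters appear in the logged request URL; the log lines, the placeholder path and the threshold of 3 are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (not from a real site). The request path is a
# placeholder; the detector only reads the two parameters named in the advisory.
SAMPLE_LOG = """\
198.51.100.7 - - [27/Dec/2020:10:00:01 +0000] "GET /placeholder?action=fetch_order_status&order_id=1001 HTTP/1.1" 200 181
198.51.100.7 - - [27/Dec/2020:10:00:02 +0000] "GET /placeholder?action=fetch_order_status&order_id=1002 HTTP/1.1" 200 181
198.51.100.7 - - [27/Dec/2020:10:00:02 +0000] "GET /placeholder?action=fetch_order_status&order_id=1003 HTTP/1.1" 200 181
198.51.100.7 - - [27/Dec/2020:10:00:03 +0000] "GET /placeholder?order_id=1004&action=fetch_order_status HTTP/1.1" 200 181
203.0.113.20 - - [27/Dec/2020:10:01:10 +0000] "GET /placeholder?action=fetch_order_status&order_id=2050 HTTP/1.1" 200 181
203.0.113.20 - - [27/Dec/2020:10:05:44 +0000] "GET /placeholder?action=fetch_order_status&order_id=2050 HTTP/1.1" 200 181
203.0.113.33 - - [27/Dec/2020:10:06:00 +0000] "GET /placeholder?action=other_action&order_id=3001 HTTP/1.1" 200 90
"""

# client address, then the request target inside the quoted request line
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" \d{3}')

def order_status_lookups(lines):
    """Yield (client, order_id) for each logged fetch_order_status request."""
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # malformed or non-request line
        client, target = m.groups()
        params = parse_qs(urlsplit(target).query)
        if "fetch_order_status" in params.get("action", []):
            for order_id in params.get("order_id", []):
                yield client, order_id

def flag_enumeration(lines, threshold=3):
    """Return {client: sorted distinct order_ids} for clients at or above threshold."""
    seen = defaultdict(set)
    for client, order_id in order_status_lookups(lines):
        seen[client].add(order_id)  # repeat lookups of one order count once
    return {c: sorted(ids) for c, ids in seen.items() if len(ids) >= threshold}

if __name__ == "__main__":
    for client, ids in flag_enumeration(SAMPLE_LOG.splitlines()).items():
        print(f"{client} queried {len(ids)} distinct orders: {', '.join(ids)}")
```

Requests that carry the parameters in a POST body will not show up in a standard access log, so a hit here is a lead to investigate rather than a complete count.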