WordPress · Woocommerce · CVE-2023-7320
**Name of the Vulnerable Software and Affected Versions**
WooCommerce versions prior to 7.8.3
**Description**
The WooCommerce plugin for WordPress exhibits a sensitive information exposure issue due to improper CORS (Cross-Origin Resource Sharing) handling on the Store API’s REST endpoints. This allows direct external access from any origin, potentially enabling unauthenticated attackers to extract sensitive user information, including PII (Personally Identifiable Information). The affected API endpoints are susceptible to unauthorized access because of the misconfigured CORS policy.
**Recommendations**
Update to WooCommerce version 7.8.3 or later.