bigcommerce / bigcommerce-for-wordpress

A headless commerce integration for WordPress, powered by BigCommerce
https://www.bigcommerce.com/wordpress/
GNU General Public License v2.0

BigCommerce <= 5.0.7 - Unauthenticated Sensitive Information Exposure #455

Closed 2gen closed 1 month ago

2gen commented 9 months ago

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/bigcommerce/bigcommerce-506-unauthenticated-sensitive-information-exposure

The BigCommerce For WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.0.7. This makes it possible for unauthenticated attackers to extract sensitive data.

Anyone know what sensitive information is currently exposed?

Also any indication when this will be patched?

chanceaclark commented 1 month ago

Pretty sure we fixed this in version 5.0.7. Not sure why the websites are not reporting it fixed.