Unauthenticated Sensitive Data Exposure in WooCommerce Signature Add-On
CVE-2026-52694

7.5HIGH

Key Information:

Vendor: WordPress
Status: Signature Add-on For WooCommerce
Vendor: CVE Published:; 15 June 2026

What is CVE-2026-52694?

The WooCommerce Signature Add-On for WordPress has a vulnerability that allows unauthorized users to access sensitive information. This risk arises due to inadequate access controls, allowing unauthenticated requests to retrieve private data stored within the application. Websites utilizing versions 2.0 and earlier of this add-on could potentially expose critical user information, resulting in privacy breaches. It is essential for users to assess their current configurations and ensure they apply available updates to mitigate this security risk.

Affected Version(s)

Signature Add-On for WooCommerce <= 2.0

References

https://patchstack.com/database/wordpress/plugin/woocomme...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 15, 2026
Vulnerability Reserved
Jun 8, 2026

Credit

Averon Averenkov | Patchstack Bug Bounty Program

CVE-2026-52694 Data

JSON