Description
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Dotstore Fraud Prevention For Woocommerce woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers allows Retrieve Embedded Sensitive Data. This issue affects Fraud Prevention For Woocommerce: from n/a through <= 2.3.2.
Published: 2026-01-23
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive Data Exposure
Action: Apply Patch
AI Analysis

Impact

The identified flaw allows an attacker to retrieve embedded sensitive data from the WordPress Fraud Prevention For Woocommerce plugin. The exposure jeopardizes the confidentiality of credentials and configuration information that may be stored by the plugin, leading to potential compromise of the entire WordPress installation. The weakness is classified as CWE-497, indicating that sensitive data can be read without proper access controls.

Affected Systems

The vulnerability affects the Fraud Prevention For Woocommerce plugin developed by Dotstore, specifically all releases up to and including version 2.3.2. Users running any of these versions on a WordPress site are vulnerable until the plugin is updated.

Risk and Exploitability

With a CVSS score of 4.3, the issue is considered moderate, and the EPSS score is below 1%, indicating a low probability of exploitation at this time. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector requires an attacker to obtain administrative access to the WordPress backend or exploit other authenticated paths that allow interaction with the plugin’s embedded data, since no unauthenticated access is reported.

Generated by OpenCVE AI on April 16, 2026 at 01:46 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Fraud Prevention For Woocommerce plugin to the latest available version (2.3.3 or later) to close the data exposure path.
  • If the plugin is not required, uninstall or completely disable it to eliminate the vulnerable code from the site.
  • Apply standard WordPress security hardening: enforce strong passwords, restrict admin access to trusted IPs, and limit roles to only those necessary to manage the site.

Advisories

No advisories yet.

History

Wed, 01 Apr 2026 23:45:00 +0000

Type: Description
Values Removed: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Dotstore Fraud Prevention For Woocommerce woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers allows Retrieve Embedded Sensitive Data. This issue affects Fraud Prevention For Woocommerce: from n/a through <= 2.3.1.
Values Added: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Dotstore Fraud Prevention For Woocommerce woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers allows Retrieve Embedded Sensitive Data. This issue affects Fraud Prevention For Woocommerce: from n/a through <= 2.3.2.

Type: Title
Values Removed: WordPress Fraud Prevention For Woocommerce plugin <= 2.3.1 - Sensitive Data Exposure vulnerability
Values Added: WordPress Fraud Prevention For Woocommerce plugin <= 2.3.2 - Sensitive Data Exposure vulnerability

Mon, 26 Jan 2026 19:15:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 26 Jan 2026 18:30:00 +0000

Type: Metrics
Values Added: cvssV3_1 {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}


Mon, 26 Jan 2026 12:00:00 +0000

Type: First Time appeared
Values Added:
  • Dotstore
  • Dotstore fraud Prevention For Woocommerce
  • Wordpress
  • Wordpress wordpress

Type: Vendors & Products
Values Added:
  • Dotstore
  • Dotstore fraud Prevention For Woocommerce
  • Wordpress
  • Wordpress wordpress

Fri, 23 Jan 2026 14:45:00 +0000

Type: Description
Values Added: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Dotstore Fraud Prevention For Woocommerce woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers allows Retrieve Embedded Sensitive Data. This issue affects Fraud Prevention For Woocommerce: from n/a through <= 2.3.1.

Type: Title
Values Added: WordPress Fraud Prevention For Woocommerce plugin <= 2.3.1 - Sensitive Data Exposure vulnerability

Type: Weaknesses
Values Added: CWE-497

Type: References

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-01T14:14:16.693Z

Reserved: 2026-01-23T12:31:51.715Z

Link: CVE-2026-24553

Vulnrichment

Updated: 2026-01-26T17:43:08.837Z

NVD

Status: Deferred

Published: 2026-01-23T15:16:11.890

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-24553

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T02:00:12Z
