Impact
An unauthenticated flaw in the Signature Add‑On for WooCommerce allows an attacker to read sensitive data exposed through the plugin’s interface or database. The weakness, identified as an information disclosure defect, can lead to the compromise of confidential customer or transaction information, undermining privacy and potentially facilitating further attacks. The impact is confined to data leakage, not execution or availability.
Affected Systems
WordPress sites using the WP E‑Signature Signature Add‑On for WooCommerce plugin version 2.0 or earlier. The vendor recommends upgrading to at least version 2.0.1 to resolve the vulnerability.
Risk and Exploitability
The CVSS score of 7.5 indicates a moderate to high severity, while the EPSS score of less than 1% suggests the likelihood of exploitation is low at present. The issue is not listed in the CISA KEV catalog, meaning it has not been reported as a known exploited vulnerability. Likely, an attacker could exploit this unauthenticated flaw remotely, accessing disallowed data without authentication or additional footholds.
OpenCVE Enrichment