Description
Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce <= 2.0 versions.
Published: 2026-06-15
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An unauthenticated flaw in the Signature Add‑On for WooCommerce allows an attacker to read sensitive data exposed through the plugin’s interface or database. The weakness, identified as an information disclosure defect, can lead to the compromise of confidential customer or transaction information, undermining privacy and potentially facilitating further attacks. The impact is confined to data leakage, not execution or availability.

Affected Systems

WordPress sites using the WP E‑Signature Signature Add‑On for WooCommerce plugin version 2.0 or earlier. The vendor recommends upgrading to at least version 2.0.1 to resolve the vulnerability.

Risk and Exploitability

The CVSS score of 7.5 indicates a moderate to high severity, while the EPSS score of less than 1% suggests the likelihood of exploitation is low at present. The issue is not listed in the CISA KEV catalog, meaning it has not been reported as a known exploited vulnerability. Likely, an attacker could exploit this unauthenticated flaw remotely, accessing disallowed data without authentication or additional footholds.

Generated by OpenCVE AI on June 18, 2026 at 00:22 UTC.

Remediation

Vendor Solution

Update the WordPress Signature Add-On for WooCommerce Plugin to the latest available version (at least 2.0.1).


OpenCVE Recommended Actions

  • Apply the vendor’s update to at least version 2.0.1 of the Signature Add‑On for WooCommerce
  • Review the plugin’s stored data and remove or encrypt any sensitive information that is no longer required
  • Monitor access logs for abnormal activity that may indicate attempts to exploit the data disclosure flaw

Generated by OpenCVE AI on June 18, 2026 at 00:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 23 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Wordpress
Wordpress wordpress
Wp E-signature
Wp E-signature signature Add-on For Woocommerce
Vendors & Products Wordpress
Wordpress wordpress
Wp E-signature
Wp E-signature signature Add-on For Woocommerce

Tue, 16 Jun 2026 06:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 15 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Description Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce <= 2.0 versions.
Title WordPress Signature Add-On for WooCommerce plugin <= 2.0 - Sensitive Data Exposure vulnerability
Weaknesses CWE-497
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}


Subscriptions

Wordpress Wordpress
Wp E-signature Signature Add-on For Woocommerce
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-16T01:16:53.759Z

Reserved: 2026-06-08T10:11:03.696Z

Link: CVE-2026-52694

cve-icon Vulnrichment

Updated: 2026-06-16T01:16:48.670Z

cve-icon NVD

Status : Deferred

Published: 2026-06-15T21:17:24.090

Modified: 2026-06-15T21:24:32.790

Link: CVE-2026-52694

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-23T21:06:35Z

Weaknesses
  • CWE-497

    Exposure of Sensitive System Information to an Unauthorized Control Sphere