CVE-2026-57753
Severity: Medium (CVSS 5.3)
Exploitation Probability (EPSS): Low risk, 11th percentile (higher than 11% of all known CVEs)
Summary
The Kit (formerly ConvertKit) for WooCommerce plugin, in plugin versions 2.1.5 and earlier, allows unauthenticated attackers to access sensitive data. This vulnerability stems from a lack of proper access controls on data stored by the plugin.
Risk Assessment
The organization is at risk of leaking confidential customer information, such as personal data or order details, which could lead to data protection regulation violations (e.g., GDPR) and loss of customer trust.
Recommendation
Immediately update the Kit for WooCommerce plugin to the latest available version that addresses this vulnerability. If an update is not possible, consider temporarily disabling the plugin until a patch is applied.
Original NVD description (English source)
Unauthenticated Sensitive Data Exposure in Kit (formerly ConvertKit) for WooCommerce <= 2.1.5 versions.

