CVE Catalog

CVE-2026-57753

Medium · CVSS 5.3

Exploitation Probability (EPSS)

Low risk
0.21%

11th percentile — higher than 11% of all known CVEs

Summary

The Kit (formerly ConvertKit) plugin for WooCommerce versions 2.1.5 and earlier allows unauthenticated attackers to access sensitive data. This vulnerability stems from a lack of proper access controls on data stored by the plugin.

Risk Assessment

The organization is at risk of leaking confidential customer information, such as personal data or order details, which could lead to data protection regulation violations (e.g., GDPR) and loss of customer trust.

Recommendation

Immediately update the Kit for WooCommerce plugin to the latest available version that addresses this vulnerability. If an update is not possible, consider temporarily disabling the plugin until a patch is applied.

Original NVD description (English source)

Unauthenticated Sensitive Data Exposure in Kit (formerly ConvertKit) for WooCommerce <= 2.1.5 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS