WooCommerce < 8.6 is vulnerable to Contributor+ Private/Draft Products Access

Required privilege: Contributor

Published: 2024-04-14

The WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to insufficient restrictions in the product shortcode in all versions up to, and including, 8.5.2. This makes it possible for authenticated attackers, with contributor-level access and above, to view private and draft products.

CVSS

Score: 4.3

Severity: Medium

Version: < 8.6

There is a patch available in v8.6 and we strongly recommend you update to this version as soon as possible.