WordPress Plugin Vulnerabilities

Phone Orders for WooCommerce < 3.7.2 - Subscriber+ Sensitive Data Exposure

Description

The plugin disclose unspecified sensitive information to low privilege users such as subscriber

Affects Plugins

Plugin icon
phone-orders-for-woocommerce
Fixed in 3.7.2

References

CVE
CVE-2022-41655

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Lana Codes
Verified
No
WPVDB ID
aa562822-567b-4bcf-a2d2-b1bc6281fd1c

Timeline

Publicly Published
2022-10-24 (about 3 years ago)
Added
2022-11-20 (about 3 years ago)
Last Updated
2022-11-20 (about 3 years ago)

Other

Published
Title
Published
2026-02-13
Title
StickEasy Protected Contact Form < 1.0.2 - Unauthenticated Information Disclosure
Published
2026-04-29
Title
WPPizza – A Restaurant Plugin < 3.20 - Authenticated (Subscriber+) Information Exposure
Published
2024-06-06
Title
FileOrganizer < 1.0.8 - Sensitive Information Exposure via Directory Listing
Published
2026-03-18
Title
Download Manager < 3.3.50 - Missing Authorization to Authenticated (Subscriber+) User Email Enumeration via 'user' Parameter
Published
2025-04-01
Title
Srbtranslatin <= 3.2.0 - Unauthenticated Sensitive Information Exposure