CVE-2026-24553 PUBLISHED

WordPress Fraud Prevention For Woocommerce plugin <= 2.3.1 - Sensitive Data Exposure vulnerability

Assigner: Patchstack
Reserved: 23.01.2026 Published: 23.01.2026 Updated: 23.01.2026

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Dotstore Fraud Prevention For Woocommerce woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers allows Retrieve Embedded Sensitive Data.This issue affects Fraud Prevention For Woocommerce: from n/a through <= 2.3.1.

Product Status

Vendor	Dotstore
Product	Fraud Prevention For Woocommerce
Versions	Default: unaffected affected from n/a to <= 2.3.1 (incl.)

Credits

Jarno Vos (jrn5151) | Patchstack Bug Bounty Program finder

References

https://patchstack.com/database/Wordpress/Plugin/woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers/vulnerability/wordpress-fraud-prevention-for-woocommerce-plugin-2-3-1-sensitive-data-exposure-vulnerability?_s_id=cve

Problem Types

Exposure of Sensitive System Information to an Unauthorized Control Sphere CWE

Impacts

Retrieve Embedded Sensitive Data