{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32372", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-03-12T11:10:59.411Z", "datePublished": "2026-03-13T11:42:06.960Z", "dateUpdated": "2026-03-13T11:42:06.960Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "shopbuilder", "product": "ShopBuilder \u2013 Elementor WooCommerce Builder Addons", "vendor": "RadiusTheme", "versions": [{"changes": [{"at": "3.2.5", "status": "unaffected"}], "lessThanOrEqual": "<= 3.2.4", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Bao - BlueRock | Patchstack Bug Bounty Program"}], "datePublic": "2026-03-13T12:41:10.672Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme ShopBuilder \u2013 Elementor WooCommerce Builder Addons shopbuilder allows Retrieve Embedded Sensitive Data.<p>This issue affects ShopBuilder \u2013 Elementor WooCommerce Builder Addons: from n/a through <= 3.2.4.</p>"}], "value": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme ShopBuilder \u2013 Elementor WooCommerce Builder Addons shopbuilder allows Retrieve Embedded Sensitive Data.This issue affects ShopBuilder \u2013 Elementor WooCommerce Builder Addons: from n/a through <= 3.2.4."}], "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "Retrieve Embedded Sensitive Data"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-497", "description": "Exposure of Sensitive System Information to an Unauthorized Control Sphere", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-03-13T11:42:06.960Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/shopbuilder/vulnerability/wordpress-shopbuilder-elementor-woocommerce-builder-addons-plugin-3-2-4-sensitive-data-exposure-vulnerability?_s_id=cve"}], "title": "WordPress ShopBuilder \u2013 Elementor WooCommerce Builder Addons plugin <= 3.2.4 - Sensitive Data Exposure vulnerability"}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme ShopBuilder \u2013 Elementor WooCommerce Builder Addons shopbuilder allows Retrieve Embedded Sensitive Data.This issue affects ShopBuilder \u2013 Elementor WooCommerce Builder Addons: from n/a through <= 3.2.4."}], "id": "CVE-2026-32372", "lastModified": "2026-03-16T14:53:46.157", "metrics": {}, "published": "2026-03-13T19:54:51.673", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/shopbuilder/vulnerability/wordpress-shopbuilder-elementor-woocommerce-builder-addons-plugin-3-2-4-sensitive-data-exposure-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-497"}], "source": "audit@patchstack.com", "type": "Primary"}]}

{}