Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Doofinder for WooCommerce Exposes Sensitive Customer Data
CVE-2026-39542
Summary
Doofinder for WooCommerce, a search plugin, stores sensitive customer information in plain text. This means that if an attacker gains access to the plugin's data, they could potentially see this sensitive information. To fix this, update to version 2.10.14 or later.
Original title
Insertion of Sensitive Information Into Sent Data vulnerability in Doofinder Doofinder for WooCommerce doofinder-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Doofinder...
Original description
Insertion of Sensitive Information Into Sent Data vulnerability in Doofinder Doofinder for WooCommerce doofinder-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Doofinder for WooCommerce: from n/a through <= 2.10.13.
Vulnerability type
CWE-201
Published: 8 Apr 2026 · Updated: 9 Apr 2026 · First seen: 8 Apr 2026