Impact
The vulnerability arises from the way DualCube MooWoodle writes data to its log files: confidential information that users submit through the plugin is stored in the logs without proper filtering. Based on the description, it is inferred that an attacker who can supply crafted input to the plugin’s form endpoints can embed sensitive data, which is then recorded indiscriminately. This enables an unauthenticated or minimally privileged attacker to read the logs and recover private data, resulting in a breach of confidentiality.
Affected Systems
The issue affects the WordPress MooWoodle plugin from its initial release up through and including version 3.2.4. Any installation of MooWoodle that has not been updated beyond the last officially released version is potentially vulnerable, regardless of site configuration or other plugins present.
Risk and Exploitability
With a CVSS score of 7.5, the flaw is considered high severity. The EPSS score of less than 1% indicates a low exploitation probability, though the flaw is still exploitable in a remote, unauthenticated context. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector, inferred from the description, is remote web requests to the MooWoodle form handlers: an attacker can subvert the logging mechanism by submitting maliciously crafted requests that cause sensitive data to be written to server logs, which can then be accessed by privileged users or compromised accounts.
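A triage sketch for site owners, added here as an example and not taken from the plugin or the advisory: it reads the plugin header to decide whether the installed version falls in the affected range (through 3.2.4), then flags and redacts log lines that carry sensitive-looking fields. The key names, the header text and the log lines are constructed assumptions, since the advisory does not say which fields are logged or where the log file lives.

```python
import re

LAST_AFFECTED = (3, 2, 4)  # from the advisory: affected through and including 3.2.4
# Assumed key names; the advisory does not list which submitted fields end up in logs.
SENSITIVE_KEYS = ("password", "passwd", "token", "secret", "api_key", "email")
# key/value pairs in JSON, query-string or PHP-array style
_KV = re.compile(r'["\']?(?P<key>[\w-]+)["\']?\s*(?:=>|[:=])\s*["\']?(?P<val>[^"\'\s,;&}\]]+)')

# Constructed samples, not real plugin output.
SAMPLE_HEADER = "<?php\n/**\n * Plugin Name: MooWoodle\n * Version: 3.2.4\n */\n"
SAMPLE_LOG = (
    "2024-01-01 10:00:00 : sync started for course 12\n"
    '2024-01-01 10:00:01 : request body {"username":"alice","password":"hunter2",'
    '"email":"alice@example.test"}\n'
    "2024-01-01 10:00:02 : GET /webservice?wstoken=abc123&course=12\n"
)

def parse_plugin_version(header_text):
    """Return the Version field of a WordPress plugin header as an int tuple, or None."""
    m = re.search(r"^[ \t/*#@]*Version:\s*([0-9]+(?:\.[0-9]+)*)", header_text, re.M | re.I)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def is_affected(version):
    """True when version <= 3.2.4; pads so that (3, 2) compares as (3, 2, 0)."""
    width = max(len(version), len(LAST_AFFECTED))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(version) <= pad(LAST_AFFECTED)

def _mask(m):
    # Replace only the value, and only when the key looks sensitive.
    if any(k in m.group("key").lower() for k in SENSITIVE_KEYS):
        return m.group(0)[: m.start("val") - m.start()] + "[REDACTED]"
    return m.group(0)

def find_sensitive_lines(log_text):
    """Return (line_number, redacted_line) for every log line holding a sensitive value."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        redacted = _KV.sub(_mask, line)
        if redacted != line:
            hits.append((n, redacted))
    return hits

if __name__ == "__main__":
    version = parse_plugin_version(SAMPLE_HEADER)
    print("installed:", version, "affected:", is_affected(version))
    for n, line in find_sensitive_lines(SAMPLE_LOG):
        print(f"line {n}: {line}")
```

Lines it reports are candidates for purging from existing logs after the plugin is updated; the redacted form is safe to paste into a ticket.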