Description
Insertion of Sensitive Information Into Sent Data vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Generator for WooCommerce embedding-barcodes-into-product-pages-and-orders allows Retrieve Embedded Sensitive Data.This issue affects Barcode Generator for WooCommerce: from n/a through <= 2.0.2.
Published: 2025-01-31
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Barcode Generator for WooCommerce plugin contains an Insertion of Sensitive Information Into Sent Data flaw that enables an attacker to retrieve embedded sensitive data from product pages and orders. This flaw can leak non‑public information such as account credentials, payment details or personal user data that were encoded within the barcodes, leading to a moderate confidentiality risk for any organization that relies on the integrity of the data displayed by the plugin.

Affected Systems

All versions of the Barcode Generator for WooCommerce by Dmitry V. (CEO of UKR Solution) up to and including 2.0.2 are affected. The issue appears on WordPress sites that install this plugin to embed barcodes on product pages and order confirmations; no platform restrictions are noted.

Risk and Exploitability

The CVSS score of 6.5 combined with an EPSS score of less than 1% indicates moderate severity and a very low probability of exploitation in the wild. The vulnerability is not listed in CISA's KEV catalog. Exploitation would likely occur through the public web interface of a WordPress site running the vulnerable plugin, with the attacker manipulating requests that cause the plugin to send encoded data back to them. Because the flaw does not require local user credentials, broader impact is possible if the site is exposed.

Generated by OpenCVE AI on May 2, 2026 at 05:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Barcode Generator for WooCommerce plugin to a version later than 2.0.2, which removes the data exposure flaw.
  • If an immediate upgrade is not possible, disable the plugin on all public‑facing pages or for the entire site until an update can be applied.
  • Modify the barcode generation code to separate any sensitive information from what is sent to users, thereby addressing the CWE‑201 weakness and preventing sensitive data from being embedded in visible outputs.
  • Conduct a review of user data handling on product and order pages to ensure no other unprotected sensitive information is exposed by the plugin or other extensions.

Generated by OpenCVE AI on May 2, 2026 at 05:06 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-3801 Insertion of Sensitive Information Into Sent Data vulnerability in UkrSolution Barcode Generator for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects Barcode Generator for WooCommerce: from n/a through 2.0.2.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Insertion of Sensitive Information Into Sent Data vulnerability in UkrSolution Barcode Generator for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects Barcode Generator for WooCommerce: from n/a through 2.0.2. Insertion of Sensitive Information Into Sent Data vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Generator for WooCommerce embedding-barcodes-into-product-pages-and-orders allows Retrieve Embedded Sensitive Data.This issue affects Barcode Generator for WooCommerce: from n/a through <= 2.0.2.
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

Fri, 11 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00049}

 epss

{'score': 0.00062}

Mon, 10 Feb 2025 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 31 Jan 2025 08:45:00 +0000

Type Values Removed Values Added
Description Insertion of Sensitive Information Into Sent Data vulnerability in UkrSolution Barcode Generator for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects Barcode Generator for WooCommerce: from n/a through 2.0.2.
Title WordPress Barcode Generator for WooCommerce plugin <= 2.0.2 - Sensitive Data Exposure vulnerability
Weaknesses CWE-201
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-05-11T23:23:45.316Z

Reserved: 2025-01-23T14:50:57.839Z

Link: CVE-2025-24597

cve-icon Vulnrichment

Updated: 2025-01-31T15:36:04.520Z

cve-icon NVD

Status : Deferred

Published: 2025-01-31T09:15:10.607

Modified: 2026-04-23T15:25:05.627

Link: CVE-2025-24597

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-02T05:15:16Z

Weaknesses
  • CWE-201

    Insertion of Sensitive Information Into Sent Data