{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-30609", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2025-03-24T13:00:39.014Z", "datePublished": "2025-03-24T13:47:26.999Z", "dateUpdated": "2026-04-01T15:47:20.398Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "appexperts", "product": "AppExperts", "vendor": "Saad Iqbal", "versions": [{"changes": [{"at": "1.4.5", "status": "unaffected"}], "lessThanOrEqual": "1.4.3", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Phan Trong Quan - VNPT Cyber Immunity | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:36:24.434Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal AppExperts appexperts allows Retrieve Embedded Sensitive Data.<p>This issue affects AppExperts: from n/a through <= 1.4.3.</p>"}], "value": "Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal AppExperts appexperts allows Retrieve Embedded Sensitive Data.This issue affects AppExperts: from n/a through <= 1.4.3."}], "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "Retrieve Embedded Sensitive Data"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-201", "description": "Insertion of Sensitive Information Into Sent Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-01T15:47:20.398Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/appexperts/vulnerability/wordpress-appexperts-wordpress-to-mobile-app-woocommerce-to-ios-and-android-apps-1-4-3-sensitive-data-exposure-vulnerability?_s_id=cve"}], "title": "WordPress AppExperts plugin <= 1.4.3 - Sensitive Data Exposure Vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-24T21:25:01.733661Z", "id": "CVE-2025-30609", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-24T22:00:56.456Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-30609", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-24T21:25:01.733661Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-24T21:25:10.305Z"}}], "cna": {"title": "WordPress AppExperts \u2013 WordPress to Mobile App \u2013 WooCommerce to iOs and Android Apps - <= <= 1.4.3 Sensitive Data Exposure Vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Phan Trong Quan - VNPT Cyber Immunity (Patchstack Alliance)"}], "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "CAPEC-37 Retrieve Embedded Sensitive Data"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "AppExperts", "product": "AppExperts \u2013 WordPress to Mobile App \u2013 WooCommerce to iOs and Android Apps", "versions": [{"status": "affected", "version": "n/a", "versionType": "custom", "lessThanOrEqual": "1.4.3"}], "packageName": "appexperts", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "references": [{"url": "https://patchstack.com/database/wordpress/plugin/appexperts/vulnerability/wordpress-appexperts-wordpress-to-mobile-app-woocommerce-to-ios-and-android-apps-1-4-3-sensitive-data-exposure-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Insertion of Sensitive Information Into Sent Data vulnerability in AppExperts AppExperts \u2013 WordPress to Mobile App \u2013 WooCommerce to iOs and Android Apps allows Retrieve Embedded Sensitive Data. This issue affects AppExperts \u2013 WordPress to Mobile App \u2013 WooCommerce to iOs and Android Apps: from n/a through 1.4.3.", "supportingMedia": [{"type": "text/html", "value": "<p>Insertion of Sensitive Information Into Sent Data vulnerability in AppExperts AppExperts \u2013 WordPress to Mobile App \u2013 WooCommerce to iOs and Android Apps allows Retrieve Embedded Sensitive Data.</p><p>This issue affects AppExperts \u2013 WordPress to Mobile App \u2013 WooCommerce to iOs and Android Apps: from n/a through 1.4.3.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-201", "description": "CWE-201 Insertion of Sensitive Information Into Sent Data"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2025-03-24T13:47:26.999Z"}}}, "cveMetadata": {"cveId": "CVE-2025-30609", "state": "PUBLISHED", "dateUpdated": "2025-03-24T22:00:56.456Z", "dateReserved": "2025-03-24T13:00:39.014Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2025-03-24T13:47:26.999Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal AppExperts appexperts allows Retrieve Embedded Sensitive Data.This issue affects AppExperts: from n/a through <= 1.4.3."}, {"lang": "es", "value": "Vulnerabilidad de inserci\u00f3n de informaci\u00f3n confidencial en los datos enviados en AppExperts AppExperts \u2013 WordPress to Mobile App \u2013 WooCommerce to iOs and Android Apps que permite recuperar datos confidenciales incrustados. Este problema afecta a AppExperts (de WordPress a aplicaciones m\u00f3viles y de WooCommerce a iOS y Android): desde n/d hasta la versi\u00f3n 1.4.3."}], "id": "CVE-2025-30609", "lastModified": "2026-04-01T17:20:07.253", "metrics": {}, "published": "2025-03-24T14:15:33.533", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/appexperts/vulnerability/wordpress-appexperts-wordpress-to-mobile-app-woocommerce-to-ios-and-android-apps-1-4-3-sensitive-data-exposure-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-201"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{}