Description
Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal AppExperts appexperts allows Retrieve Embedded Sensitive Data. This issue affects AppExperts: from n/a through <= 1.4.3.
Published: 2025-03-24
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The AppExperts plugin for WordPress contains an insertion flaw that allows sensitive information to be embedded into data sent to external services. An attacker who triggers this data flow can retrieve sensitive data that the plugin inadvertently exposes. The weakness is identified as CWE-201, Sensitive Information Exposure. This flaw permits data leakage that can undermine confidentiality and allow attackers to gain insight into the internal workings of the site.

Affected Systems

The vulnerability affects the AppExperts WordPress plugin developed by Saad Iqbal. All installations running version 1.4.3 or earlier are vulnerable.

Risk and Exploitability

The CVSS score of 5.3 indicates medium severity. The EPSS score is below 1%, which suggests a very low probability of exploitation in the wild, and the weakness is not currently listed in CISA's KEV catalog. The likely attack vector is through the plugin's data-submission interface; an attacker who triggers the flaw could obtain the leaked data. Because no public exploits have been reported, the risk remains theoretical but should be addressed prior to exposure.

Generated by OpenCVE AI on May 1, 2026 at 13:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Uninstall or disable the AppExperts plugin until a secure update is available.
  • Upgrade the AppExperts plugin to a version newer than 1.4.3 when it is released.
  • Limit access to the plugin's configuration to trusted administrators and audit data handling to ensure no sensitive information is transmitted.

Advisories
Source: EUVD
ID: EUVD-2025-7927
Title: Insertion of Sensitive Information Into Sent Data vulnerability in AppExperts AppExperts – WordPress to Mobile App – WooCommerce to iOs and Android Apps allows Retrieve Embedded Sensitive Data. This issue affects AppExperts – WordPress to Mobile App – WooCommerce to iOs and Android Apps: from n/a through 1.4.3.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}


Wed, 01 Apr 2026 23:45:00 +0000

Type: Description
Values Removed: Insertion of Sensitive Information Into Sent Data vulnerability in AppExperts AppExperts – WordPress to Mobile App – WooCommerce to iOs and Android Apps allows Retrieve Embedded Sensitive Data. This issue affects AppExperts – WordPress to Mobile App – WooCommerce to iOs and Android Apps: from n/a through 1.4.3.
Values Added: Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal AppExperts appexperts allows Retrieve Embedded Sensitive Data. This issue affects AppExperts: from n/a through <= 1.4.3.

Type: Title
Values Removed: WordPress AppExperts – WordPress to Mobile App – WooCommerce to iOs and Android Apps - <= <= 1.4.3 Sensitive Data Exposure Vulnerability
Values Added: WordPress AppExperts plugin <= 1.4.3 - Sensitive Data Exposure Vulnerability

References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}


Mon, 24 Mar 2025 23:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 24 Mar 2025 14:00:00 +0000

Type Values Removed Values Added
Description Insertion of Sensitive Information Into Sent Data vulnerability in AppExperts AppExperts – WordPress to Mobile App – WooCommerce to iOs and Android Apps allows Retrieve Embedded Sensitive Data. This issue affects AppExperts – WordPress to Mobile App – WooCommerce to iOs and Android Apps: from n/a through 1.4.3.
Title WordPress AppExperts – WordPress to Mobile App – WooCommerce to iOs and Android Apps - <= <= 1.4.3 Sensitive Data Exposure Vulnerability
Weaknesses CWE-201
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:11:55.486Z

Reserved: 2025-03-24T13:00:39.014Z

Link: CVE-2025-30609

Vulnrichment

Updated: 2025-03-24T21:25:10.305Z

NVD

Status: Deferred

Published: 2025-03-24T14:15:33.533

Modified: 2026-04-23T15:26:57.930

Link: CVE-2025-30609

OpenCVE Enrichment

Updated: 2026-05-01T13:45:06Z

Weaknesses