Description
Insertion of Sensitive Information into Log File vulnerability in Smackcoders Inc., AIO Performance Profiler, Monitor, Optimize, Compress & Debug all-in-one-performance-accelerator allows Retrieve Embedded Sensitive Data.This issue affects AIO Performance Profiler, Monitor, Optimize, Compress & Debug: from n/a through <= 1.3.
Published: 2025-04-01
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Sensitive data is written into log files by the AIO Performance Profiler, Monitor, Optimize, Compress & Debug plugin, allowing an attacker to retrieve embedded sensitive information. The flaw arises from the plugin’s insufficient protection of log contents, which can expose credentials or other confidential data to unauthorized readers. An attacker who can read the logs would be able to obtain this exposed information.

Affected Systems

The vulnerability impacts all version releases of the plugin up through and including 1.3. The plugin is provided by Smackcoders Inc. and is known as the AIO Performance Profiler, Monitor, Optimize, Compress & Debug, also referenced as all‑one-performance‑accelerator. WordPress sites that have any of these vulnerable versions are within scope.

Risk and Exploitability

The CVSS score of 5.3 classifies the weakness as a moderate severity issue. The EPSS score is under 1 % and the vulnerability is not listed in CISA KEV, indicating a low current probability of exploitation. Nonetheless, if an attacker manages to access the WordPress administrative interface or an account that can read log files, they can retrieve the sensitive data that the plugin has logged. This inferred attack vector relies on privileged access to logs rather than on remote code execution or denial of service.

Generated by OpenCVE AI on May 1, 2026 at 11:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the plugin to version 1.4 or later, which removes the vulnerable logging behavior.
  • Verify that log files generated by the plugin are stored in directories with permissions that prevent public or unauthorized read access.
  • Configure the plugin to disable or restrict logging of sensitive information, or use a separate logging library that masks confidential data.

Generated by OpenCVE AI on May 1, 2026 at 11:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-9233 Insertion of Sensitive Information into Log File vulnerability in smackcoders AIO Performance Profiler, Monitor, Optimize, Compress & Debug allows Retrieve Embedded Sensitive Data. This issue affects AIO Performance Profiler, Monitor, Optimize, Compress & Debug: from n/a through 1.2.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Insertion of Sensitive Information into Log File vulnerability in smackcoders AIO Performance Profiler, Monitor, Optimize, Compress & Debug allows Retrieve Embedded Sensitive Data. This issue affects AIO Performance Profiler, Monitor, Optimize, Compress & Debug: from n/a through 1.2. Insertion of Sensitive Information into Log File vulnerability in Smackcoders Inc., AIO Performance Profiler, Monitor, Optimize, Compress & Debug all-in-one-performance-accelerator allows Retrieve Embedded Sensitive Data.This issue affects AIO Performance Profiler, Monitor, Optimize, Compress & Debug: from n/a through <= 1.3.
Title WordPress AIO Performance Profiler, Monitor, Optimize, Compress & Debug plugin <= 1.2 - Sensitive Data Exposure vulnerability WordPress AIO Performance Profiler, Monitor, Optimize, Compress & Debug plugin <= 1.3 - Sensitive Data Exposure vulnerability
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

Tue, 01 Apr 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 01 Apr 2025 15:00:00 +0000

Type Values Removed Values Added
Description Insertion of Sensitive Information into Log File vulnerability in smackcoders AIO Performance Profiler, Monitor, Optimize, Compress & Debug allows Retrieve Embedded Sensitive Data. This issue affects AIO Performance Profiler, Monitor, Optimize, Compress & Debug: from n/a through 1.2.
Title WordPress AIO Performance Profiler, Monitor, Optimize, Compress & Debug plugin <= 1.2 - Sensitive Data Exposure vulnerability
Weaknesses CWE-532
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:12.745Z

Reserved: 2025-04-01T13:19:54.844Z

Link: CVE-2025-31788

cve-icon Vulnrichment

Updated: 2025-04-01T18:36:49.317Z

cve-icon NVD

Status : Deferred

Published: 2025-04-01T15:16:16.847

Modified: 2026-04-23T15:28:17.760

Link: CVE-2025-31788

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-01T12:00:15Z

Weaknesses
  • CWE-532

    Insertion of Sensitive Information into Log File