Description
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Messiah Ai Image Alt Text Generator for WP ai-image-alt-text-generator-for-wp allows Retrieve Embedded Sensitive Data.This issue affects Ai Image Alt Text Generator for WP: from n/a through <= 1.1.9.
Published: 2025-04-10
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Ai Image Alt Text Generator for WP plugin contains a flaw that allows an attacker to read sensitive system information that should be protected. This issue is classified as CWE‑497, reflecting a vulnerability that exposes confidential data to unauthorized parties. The exposed data could provide insight into the underlying WordPress host, potentially enabling further attacks if combined with other weaknesses.

Affected Systems

All releases of the AI Image Alt Text Generator for WP plugin up through version 1.1.9 are affected. The plugin is distributed by WP Messiah, a WordPress plugin vendor. No specific hardware or operating system prerequisites are listed; the vulnerability exists entirely within the WordPress plugin code.

Risk and Exploitability

The CVSS score of 4.3 indicates moderate severity, and the EPSS score of less than 1% points to a low likelihood of current exploitation. The vulnerability is not listed in the CISA KEV catalog. Attackers would likely need access to the WordPress administrative interface or be able to send crafted requests to the plugin’s data endpoint; the description infers that the vulnerability can be triggered without authentication, but this is not explicitly stated.

Generated by OpenCVE AI on April 30, 2026 at 23:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Ai Image Alt Text Generator for WP to the latest version (1.2.0 or higher, if available).
  • If an update is not immediately available, deactivate or uninstall the plugin to eliminate the exposure risk.
  • Review and harden the overall WordPress installation, ensuring that other plugins do not similarly expose sensitive data and that the site’s configuration follows best security practices.

Generated by OpenCVE AI on April 30, 2026 at 23:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-10451 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Messiah Ai Image Alt Text Generator for WP. This issue affects Ai Image Alt Text Generator for WP: from n/a through 1.0.8.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Messiah Ai Image Alt Text Generator for WP. This issue affects Ai Image Alt Text Generator for WP: from n/a through 1.0.8. Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Messiah Ai Image Alt Text Generator for WP ai-image-alt-text-generator-for-wp allows Retrieve Embedded Sensitive Data.This issue affects Ai Image Alt Text Generator for WP: from n/a through <= 1.1.9.
Title WordPress Ai Image Alt Text Generator for WP plugin <= 1.0.8 - Sensitive Data Exposure vulnerability WordPress Ai Image Alt Text Generator for WP plugin <= 1.1.9 - Sensitive Data Exposure vulnerability
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}

Thu, 10 Apr 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 10 Apr 2025 08:15:00 +0000

Type Values Removed Values Added
Description Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Messiah Ai Image Alt Text Generator for WP. This issue affects Ai Image Alt Text Generator for WP: from n/a through 1.0.8.
Title WordPress Ai Image Alt Text Generator for WP plugin <= 1.0.8 - Sensitive Data Exposure vulnerability
Weaknesses CWE-497
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:19.415Z

Reserved: 2025-04-04T10:01:50.054Z

Link: CVE-2025-32228

cve-icon Vulnrichment

Updated: 2025-04-10T19:03:15.368Z

cve-icon NVD

Status : Deferred

Published: 2025-04-10T08:15:19.437

Modified: 2026-04-23T15:28:47.600

Link: CVE-2025-32228

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-30T23:30:03Z

Weaknesses