Description
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in J. Tyler Wiest Jetpack Feedback Exporter jetpack-feedback-exporter allows Retrieve Embedded Sensitive Data. This issue affects Jetpack Feedback Exporter: from n/a through <= 1.23.
Published: 2025-04-04
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Jetpack Feedback Exporter for WordPress allows an unauthenticated user to retrieve embedded sensitive system information through the plugin’s export functionality. This flaw enables attackers to expose protected data to an external control sphere, compromising the confidentiality of site contents and potentially exposing credentials, configuration files, or other sensitive material. The weakness is classified as CWE‑497, a failure to control the exposure of confidential data to an unauthorized party.

Affected Systems

The vulnerability impacts the WordPress plugin Jetpack Feedback Exporter in all releases from the earliest available version up to and including version 1.23, shipped by J. Tyler Wiest. Sites that have installed any of these affected plugin versions are at risk.

Risk and Exploitability

The CVSS score of 5.3 indicates a moderate severity. The EPSS score of less than 1 % suggests that, as of now, the likelihood of real‑world exploitation is low but not zero. The vulnerability is not listed in the CISA KEV catalog, and no vendor‑issued workaround is available at present. The likely attack vector is a remote HTTP request to the site’s WordPress installation that invokes the plugin’s export endpoint; the flaw appears to be exploitable without authentication, meaning any user who can reach the HTTP endpoint can potentially retrieve the sensitive data.

Generated by OpenCVE AI on May 1, 2026 at 00:19 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Jetpack Feedback Exporter to a version newer than 1.23 or uninstall the plugin entirely.
  • Disable the plugin if an upgrade is not immediately possible to remove the active data‑exposure pathway.
  • Maintain a robust WordPress security posture by keeping core, themes, and other plugins updated, enforcing least‑privilege user accounts, and conducting regular vulnerability scans.


Advisories
Source: EUVD
ID: EUVD-2025-9798
Title: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in J. Tyler Wiest Jetpack Feedback Exporter allows Retrieve Embedded Sensitive Data. This issue affects Jetpack Feedback Exporter: from n/a through 1.23.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
  Removed: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in J. Tyler Wiest Jetpack Feedback Exporter allows Retrieve Embedded Sensitive Data. This issue affects Jetpack Feedback Exporter: from n/a through 1.23.
  Added: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in J. Tyler Wiest Jetpack Feedback Exporter jetpack-feedback-exporter allows Retrieve Embedded Sensitive Data.This issue affects Jetpack Feedback Exporter: from n/a through <= 1.23.
Title
  Removed: WordPress Jetpack Feedback Exporter <= 1.23 - Sensitive Data Exposure Vulnerability
  Added: WordPress Jetpack Feedback Exporter plugin <= 1.23 - Sensitive Data Exposure Vulnerability
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}


Fri, 04 Apr 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 04 Apr 2025 16:15:00 +0000

Type Values Removed Values Added
Description Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in J. Tyler Wiest Jetpack Feedback Exporter allows Retrieve Embedded Sensitive Data. This issue affects Jetpack Feedback Exporter: from n/a through 1.23.
Title WordPress Jetpack Feedback Exporter <= 1.23 - Sensitive Data Exposure Vulnerability
Weaknesses CWE-497
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:19.899Z

Reserved: 2025-04-04T10:02:07.012Z

Link: CVE-2025-32251

Vulnrichment

Updated: 2025-04-04T20:12:02.552Z

NVD

Status: Deferred

Published: 2025-04-04T16:15:34.423

Modified: 2026-04-23T15:28:50.320

Link: CVE-2025-32251

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T00:30:04Z
