Description
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Solid Plugins AnalyticsWP allows Retrieve Embedded Sensitive Data. This issue affects AnalyticsWP: from n/a through 2.1.2.
Published: 2025-05-19
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows an attacker to retrieve embedded sensitive data from the Solid Plugins AnalyticsWP plugin, exposing system information to an unauthorized control sphere. Classified as CWE-497, this sensitive data exposure could enable malicious actors to obtain confidential configuration or environment details that may be leveraged for further attacks. The CVSS score of 5.3 indicates medium severity; per the vector (C:L/I:N/A:N), the impact is limited to confidentiality, with no integrity or availability impact.

Affected Systems

WordPress sites that use the Solid Plugins AnalyticsWP plugin are affected, specifically all releases from the earliest version through 2.1.2. Any site that has installed this plugin and has not upgraded beyond version 2.1.2 is vulnerable.

Risk and Exploitability

The low EPSS (< 1%) shows that exploitation is unlikely in the near term, and the vulnerability is not currently listed in the CISA KEV catalog. Attackers would need to access the plugin’s data endpoints or exploit a publicly exposed configuration file, which is generally achievable from the web interface once the plugin is active. The moderate CVSS score reflects the potential confidentiality impact, but the overall risk remains moderate due to the low exploitation probability.

Generated by OpenCVE AI on April 30, 2026 at 19:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Solid Plugins AnalyticsWP to the latest version (greater than 2.1.2) or uninstall the plugin if it is not essential.
  • Restrict access to the plugin’s data endpoints, ensuring that only authenticated users can view or modify sensitive configuration information.
  • Audit the plugin’s files for any hard‑coded or debug values and remove any that expose system details; apply proper file permission settings to prevent unauthorized read access.

Advisories
Source: EUVD
ID: EUVD-2025-27951
Title: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Solid Plugins AnalyticsWP allows Retrieve Embedded Sensitive Data. This issue affects AnalyticsWP: from n/a through 2.1.2.

History

Tue, 28 Apr 2026 19:45:00 +0000


Tue, 28 Apr 2026 18:30:00 +0000

Type: Description
Values Removed: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Solid Plugins AnalyticsWP analyticswp allows Retrieve Embedded Sensitive Data. This issue affects AnalyticsWP: from n/a through <= 2.1.2.
Values Added: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Solid Plugins AnalyticsWP allows Retrieve Embedded Sensitive Data. This issue affects AnalyticsWP: from n/a through 2.1.2.
Type: References

Thu, 23 Apr 2026 15:30:00 +0000


Thu, 23 Apr 2026 15:00:00 +0000

Type: Description
Values Removed: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Solid Plugins AnalyticsWP allows Retrieve Embedded Sensitive Data. This issue affects AnalyticsWP: from n/a through 2.1.2.
Values Added: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Solid Plugins AnalyticsWP analyticswp allows Retrieve Embedded Sensitive Data. This issue affects AnalyticsWP: from n/a through <= 2.1.2.
Type: References

Tue, 20 May 2025 14:15:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 19 May 2025 17:00:00 +0000

Type: Description
Values Added: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Solid Plugins AnalyticsWP allows Retrieve Embedded Sensitive Data. This issue affects AnalyticsWP: from n/a through 2.1.2.
Type: Title
Values Added: WordPress AnalyticsWP plugin <= 2.1.2 - Sensitive Data Exposure vulnerability
Type: Weaknesses
Values Added: CWE-497
Type: References
Type: Metrics
Values Added: cvssV3_1 {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:30.306Z

Reserved: 2025-04-16T06:22:42.847Z

Link: CVE-2025-39394

Vulnrichment

Updated: 2025-05-20T14:06:27.554Z

NVD

Status: Deferred

Published: 2025-05-19T17:15:27.203

Modified: 2026-04-28T19:31:55.393

Link: CVE-2025-39394

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T19:45:26Z

Weaknesses