Impact
The vulnerability is an insertion of sensitive information into data sent by the WordPress Spotlight – Social Media Feeds (Premium) plugin, which allows an attacker to retrieve the embedded sensitive data. This flaw corresponds to CWE‑201, which addresses the exposure of sensitive information through application output. As a result, unauthorized parties can access confidential information, which compromises data confidentiality and could enable further exploitation if the exposed data is used in other attacks.
Affected Systems
The affected product is the Spotlight – Social Media Feeds (Premium) WordPress plugin for all versions up to 1.7.1. No other versions or products are listed as impacted, and no vendor‑supplied version details are available beyond the general affected range.
Risk and Exploitability
According to the CVSS score of 5.3, the vulnerability carries a medium severity rating. The EPSS score of less than 1% indicates a very low probability that it will be actively exploited in the wild at present. The vulnerability is not included in the CISA KEV catalog. An attacker would likely need to obtain access to a site using the vulnerable plugin and trigger its feed generation functionality, then intercept the output to extract the sensitive data; no remote code execution or elevated privileges are required. The lack of a listed exploit reduces the urgency, but data exposure remains a security concern.