Description
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ProveSource LTD ProveSource Social Proof provesource allows Retrieve Embedded Sensitive Data.This issue affects ProveSource Social Proof: from n/a through <= 3.1.2.
Published: 2025-08-21
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the ProveSource Social Proof plugin version 3.1.2 and earlier, allowing an attacker who can access the plugin’s interface to retrieve embedded sensitive data. This exposure can lead to the leakage of configuration details or other privileged information that the plugin stores or processes, thereby compromising confidentiality. The weakness is identified as CWE‑497, which signifies that sensitive data is disclosed after a decryption or validation step.

Affected Systems

ProveSource LTD’s ProveSource Social Proof plugin is affected. All installations running version 3.1.2 or older are vulnerable.

Risk and Exploitability

The CVSS score of 5.3 indicates a moderate severity risk. The EPSS score of less than 1% suggests that exploitation is unlikely at present. The vulnerability is not listed in the CISA KEV catalogue. Based on the description, the likely attack vector is a local or remote request to the plugin’s data‑retrieval endpoint, accessible to users with sufficient privileges or to unauthenticated users if the set‑up is misconfigured. An attacker could exploit this by sending a crafted request to the plugin to obtain the hidden sensitive data.

Generated by OpenCVE AI on April 30, 2026 at 08:09 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the ProveSource Social Proof plugin to the latest version (any release newer than 3.1.2).
  • If an upgrade is not immediately possible, deactivate or uninstall the plugin until a patched version is available.
  • Implement monitoring of the plugin’s output and access logs for anomalous reading of sensitive data, and apply role‑based access controls to restrict who can view or modify plugin settings.

Generated by OpenCVE AI on April 30, 2026 at 08:09 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-25447 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ProveSource LTD ProveSource Social Proof allows Retrieve Embedded Sensitive Data.This issue affects ProveSource Social Proof: from n/a through 3.0.5.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ProveSource LTD ProveSource Social Proof allows Retrieve Embedded Sensitive Data.This issue affects ProveSource Social Proof: from n/a through 3.0.5. Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ProveSource LTD ProveSource Social Proof provesource allows Retrieve Embedded Sensitive Data.This issue affects ProveSource Social Proof: from n/a through <= 3.1.2.
Title WordPress ProveSource Social Proof plugin <= 3.0.5 - Sensitive Data Exposure vulnerability WordPress ProveSource Social Proof plugin <= 3.1.2 - Sensitive Data Exposure vulnerability
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

Thu, 21 Aug 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 21 Aug 2025 12:45:00 +0000

Type Values Removed Values Added
First Time appeared Wordpress
Wordpress wordpress
Vendors & Products Wordpress
Wordpress wordpress

Thu, 21 Aug 2025 03:45:00 +0000

Type Values Removed Values Added
Description Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ProveSource LTD ProveSource Social Proof allows Retrieve Embedded Sensitive Data.This issue affects ProveSource Social Proof: from n/a through 3.0.5.
Title WordPress ProveSource Social Proof plugin <= 3.0.5 - Sensitive Data Exposure vulnerability
Weaknesses CWE-497
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

Subscriptions

Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:57.527Z

Reserved: 2025-05-19T14:41:42.787Z

Link: CVE-2025-48355

cve-icon Vulnrichment

Updated: 2025-08-21T15:56:59.427Z

cve-icon NVD

Status : Deferred

Published: 2025-08-21T04:15:51.547

Modified: 2026-04-23T15:31:10.120

Link: CVE-2025-48355

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-30T08:15:32Z

Weaknesses