Description
Insertion of Sensitive Information Into Sent Data vulnerability in shinetheme Traveler Option Tree custom-option-tree allows Retrieve Embedded Sensitive Data. This issue affects Traveler Option Tree: from n/a through <= 2.8.
Published: 2025-12-16
Score: 2.7 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Traveler Option Tree plugin for WordPress has a vulnerability that allows attackers to retrieve sensitive information stored within the plugin's configuration. Insertion of sensitive data into sent responses can expose confidential data, resulting in a confidentiality breach. This weakness is classified as CWE‑201 Sensitive Information Exposure. The issue affects all versions of the plugin up to and including 2.8 and could allow a non‑authenticated or low‑privilege user with access to the plugin settings to harvest embedded data.

Affected Systems

Vendors: shinetheme. Product: Traveler Option Tree – a WordPress custom‑option‑tree plugin. Version range: all released versions up to and including 2.8 are vulnerable. The plugin is installed on WordPress sites using the shinetheme Traveler Option Tree component.

Risk and Exploitability

The publicly available CVSS score is 2.7, indicating a low‑severity risk, while the EPSS score is below 1%, implying a very low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is through the WordPress administrative interface or plugin API, requiring authenticated access to the plugin’s option management. Because the flaw simply exposes data that has already been injected into response payloads, an attacker would typically need either administrative privileges or be able to view the plugin’s output in the front‑end, and the impact remains limited to confidentiality. No special privileges or network access are required beyond basic access to the vulnerable site.

Generated by OpenCVE AI on April 29, 2026 at 15:59 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Traveler Option Tree to version 2.9 or later when available.
  • If upgrade is not feasible, disable or remove the plugin to eliminate the vulnerability.
  • Review stored configuration values and remove or sanitize any sensitive data that may have been exposed through the plugin.



Advisories

No advisories yet.

History

Tue, 20 Jan 2026 15:30:00 +0000


Tue, 20 Jan 2026 14:45:00 +0000


Tue, 16 Dec 2025 22:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 16 Dec 2025 18:30:00 +0000

Type | Values Removed | Values Added
Metrics | | cvssV3_1 {'score': 2.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N'}


Tue, 16 Dec 2025 17:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Wordpress; Wordpress wordpress
Vendors & Products | | Wordpress; Wordpress wordpress

Tue, 16 Dec 2025 08:30:00 +0000

Type | Values Removed | Values Added
Description | | Insertion of Sensitive Information Into Sent Data vulnerability in shinetheme Traveler Option Tree custom-option-tree allows Retrieve Embedded Sensitive Data. This issue affects Traveler Option Tree: from n/a through <= 2.8.
Title | | WordPress Traveler Option Tree plugin <= 2.8 - Sensitive Data Exposure vulnerability
Weaknesses | | CWE-201
References | |

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T20:20:56.593Z

Reserved: 2025-06-04T09:41:51.340Z

Link: CVE-2025-49300

Vulnrichment

Updated: 2025-12-16T17:27:49.061Z

NVD

Status: Deferred

Published: 2025-12-16T09:15:52.120

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-49300

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-29T16:00:06Z

Weaknesses