Description
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in esigngenie Foxit eSign for WordPress esign-genie-for-wp allows Retrieve Embedded Sensitive Data.This issue affects Foxit eSign for WordPress: from n/a through <= 2.0.3.
Published: 2025-06-06
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw in the Foxit eSign for WordPress plugin allows an attacker to retrieve embedded sensitive data that should be protected within the application. This weakness is classified as CWE‑497, indicating that sensitive information is improperly exposed. If exploited, an attacker could gain confidential details stored by the plugin, potentially hacking into user accounts or leaking proprietary data.

Affected Systems

The vulnerability affects the esigngenie Foxit eSign for WordPress plugin on WordPress installations. All releases of the plugin from the unknown initial version through version 2.0.3 are impacted. Users who have not yet upgraded beyond 2.0.3 should review their deployment of this plugin.

Risk and Exploitability

The CVSS score of 5.5 reflects moderate severity, and the EPSS score of <1 % indicates a very low likelihood of exploitation at this time. The vulnerability is not listed in the CISA KEV catalog. While the description does not specify the exact attack surface, the logical attack vector is likely through an authenticated or publicly exposed feature of the plugin that returns data. An attacker with access to the WordPress instance could invoke that feature to export or view sensitive data embedded by the plugin.

Generated by OpenCVE AI on April 30, 2026 at 18:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Foxit eSign for WordPress to a version newer than 2.0.3 once it becomes available.
  • Restrict the plugin’s data‑exporting or viewing functionalities so that only authorized WordPress roles can access them, for example by tightening role permissions or applying .htaccess access controls.
  • Review all embedded data handled by the plugin to ensure no sensitive information is inadvertently exposed, and sanitize or remove such data if present.

Generated by OpenCVE AI on April 30, 2026 at 18:07 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-17305 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in esigngenie Foxit eSign for WordPress allows Retrieve Embedded Sensitive Data. This issue affects Foxit eSign for WordPress: from n/a through 2.0.3.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in esigngenie Foxit eSign for WordPress allows Retrieve Embedded Sensitive Data. This issue affects Foxit eSign for WordPress: from n/a through 2.0.3. Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in esigngenie Foxit eSign for WordPress esign-genie-for-wp allows Retrieve Embedded Sensitive Data.This issue affects Foxit eSign for WordPress: from n/a through <= 2.0.3.
Title WordPress Foxit eSign for WordPress <= 2.0.3 - Other Vulnerability Type Vulnerability WordPress Foxit eSign for WordPress plugin <= 2.0.3 - Other Vulnerability Type Vulnerability
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N'}

Fri, 06 Jun 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 06 Jun 2025 13:15:00 +0000

Type Values Removed Values Added
Description Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in esigngenie Foxit eSign for WordPress allows Retrieve Embedded Sensitive Data. This issue affects Foxit eSign for WordPress: from n/a through 2.0.3.
Title WordPress Foxit eSign for WordPress <= 2.0.3 - Other Vulnerability Type Vulnerability
Weaknesses CWE-497
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:13:04.185Z

Reserved: 2025-06-04T15:44:22.452Z

Link: CVE-2025-49419

cve-icon Vulnrichment

Updated: 2025-06-06T13:41:45.974Z

cve-icon NVD

Status : Deferred

Published: 2025-06-06T13:15:52.697

Modified: 2026-04-23T15:31:39.007

Link: CVE-2025-49419

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-30T18:15:06Z

Weaknesses
  • CWE-497

    Exposure of Sensitive System Information to an Unauthorized Control Sphere