Impact
The AppExperts plugin for WordPress inserts sensitive information into data that is sent to users, which allows embedded confidential data to be retrieved. An attacker can use this flaw to access data that should remain private, compromising the confidentiality of any sensitive information stored or transmitted by the plugin. The weakness corresponds to CWE-201, a classic sensitive data exposure scenario.
Affected Systems
The vulnerability affects the AppExperts plugin by Saad Iqbal in all releases up to and including version 1.4.5. WordPress sites that have any of these plugin versions installed are at risk. No later versions are mentioned, implying that fixes may be available in releases beyond 1.4.5.
Risk and Exploitability
The CVSS score of 5.8 indicates medium severity. The EPSS score of less than 1% suggests that widespread exploitation is unlikely at present. The vulnerability is not listed in the CISA KEV catalog, and there is no indication of an active exploit. Based on the description, it is inferred that the plugin can be reached through the WordPress web interface, so the likely attack vector is web-based input or request manipulation that causes data to be disclosed without authorization when it is transmitted to the client.