Description
Insertion of Sensitive Information Into Sent Data vulnerability in Themeisle Otter - Gutenberg Block otter-blocks allows Retrieve Embedded Sensitive Data. This issue affects Otter - Gutenberg Block: from n/a through <= 3.1.0.
Published: 2025-08-20
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability in Themeisle Otter – Gutenberg Block allows an attacker to retrieve sensitive information that the plugin may embed into data sent from a WordPress site. This flaw can expose confidential content to unauthorized users, compromising the confidentiality of site data. The weakness is classified as CWE‑201, indicating that sensitive data is improperly handled and exposed.

Affected Systems

WordPress installations that have the Otter – Gutenberg Block plugin version 3.1.0 or earlier are affected. All sites using the plugin in the specified version range, regardless of user role or site configuration, could be impacted.

Risk and Exploitability

The CVSS score of 7.5 reflects significant risk to confidentiality, while the EPSS score of less than 1% indicates a low current probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. The attack vector is likely remote through web requests that the plugin processes, but the CVE description does not explicitly state the exploitation method. Based on the exposed data handling flaw, an attacker could retrieve sensitive content by interacting with the plugin’s output or embedded data representations.

Generated by OpenCVE AI on April 30, 2026 at 03:18 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Otter – Gutenberg Block to the latest available version (greater than 3.1.0).
  • If an upgrade is not possible, disable or remove the plugin from the WordPress installation until a fix is released.
  • Review all pages and templates that use the plugin to ensure no sensitive data is inadvertently rendered or exposed in public or unauthenticated contexts.

Advisories
Source: EUVD
ID: EUVD-2025-28606
Title: Insertion of Sensitive Information Into Sent Data vulnerability in Themeisle Otter - Gutenberg Block allows Retrieve Embedded Sensitive Data. This issue affects Otter - Gutenberg Block: from n/a through 3.1.0.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
Values Removed: Insertion of Sensitive Information Into Sent Data vulnerability in Themeisle Otter - Gutenberg Block allows Retrieve Embedded Sensitive Data. This issue affects Otter - Gutenberg Block: from n/a through 3.1.0.
Values Added: Insertion of Sensitive Information Into Sent Data vulnerability in Themeisle Otter - Gutenberg Block otter-blocks allows Retrieve Embedded Sensitive Data.This issue affects Otter - Gutenberg Block: from n/a through <= 3.1.0.
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}


Wed, 20 Aug 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 20 Aug 2025 08:15:00 +0000

Type Values Removed Values Added
Description Insertion of Sensitive Information Into Sent Data vulnerability in Themeisle Otter - Gutenberg Block allows Retrieve Embedded Sensitive Data. This issue affects Otter - Gutenberg Block: from n/a through 3.1.0.
Title WordPress Otter - Gutenberg Block Plugin <= 3.1.0 - Sensitive Data Exposure Vulnerability
Weaknesses CWE-201
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-05-12T00:34:48.801Z

Reserved: 2025-08-14T09:10:30.443Z

Link: CVE-2025-55715

Vulnrichment

Updated: 2025-08-20T17:18:00.599Z

NVD

Status: Deferred

Published: 2025-08-20T08:15:49.923

Modified: 2026-04-23T15:32:56.880

Link: CVE-2025-55715

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T03:30:27Z

Weaknesses
  • CWE-201: Insertion of Sensitive Information Into Sent Data