Description
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in etruel WPeMatico RSS Feed Fetcher wpematico allows Retrieve Embedded Sensitive Data. This issue affects WPeMatico RSS Feed Fetcher: from n/a through <= 2.8.10.
Published: 2025-09-22
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

WordPress plugin WPeMatico RSS Feed Fetcher contains a flaw that allows an unauthorized party to retrieve sensitive system information. The vulnerability permits the extraction of embedded data such as configuration details or other confidential information. This is a classic sensitive data exposure issue, listed under CWE‑497, and can compromise the confidentiality of the site if an attacker can access the exposed data.

Affected Systems

Affected deployments are WordPress sites running the etruel WPeMatico RSS Feed Fetcher plugin, versions from the earliest releases through 2.8.10 inclusive. Sites that still reference or install any of these versions are vulnerable.

Risk and Exploitability

The CVSS score of 4.3 indicates moderate risk, and the EPSS score of less than 1% suggests a low probability of widespread exploitation at present. The vulnerability is not currently listed in CISA KEV. The CVSS vector (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) describes a network-reachable, low-complexity issue that requires a low-privileged account and no user interaction, with impact limited to confidentiality. An attacker who can induce the plugin to expose its data could obtain confidential information from the site. The likely attack vector involves the plugin’s data retrieval routines, which may be accessed via the WordPress admin interface or by exposing a file that contains the sensitive data.

Generated by OpenCVE AI on April 30, 2026 at 06:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update WPeMatico RSS Feed Fetcher to a version later than 2.8.10 if one is available.
  • If an immediate update is not possible, deactivate the plugin to eliminate the exposure path.
  • After updating or disabling, audit the site for any remaining files or endpoints that could expose sensitive data and enforce proper access restrictions.



Advisories
Source | ID | Title
EUVD | EUVD-2025-30697 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in etruel WPeMatico RSS Feed Fetcher allows Retrieve Embedded Sensitive Data. This issue affects WPeMatico RSS Feed Fetcher: from n/a through 2.8.10.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
Removed: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in etruel WPeMatico RSS Feed Fetcher allows Retrieve Embedded Sensitive Data. This issue affects WPeMatico RSS Feed Fetcher: from n/a through 2.8.10.
Added: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in etruel WPeMatico RSS Feed Fetcher wpematico allows Retrieve Embedded Sensitive Data. This issue affects WPeMatico RSS Feed Fetcher: from n/a through <= 2.8.10.
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}


Tue, 23 Sep 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 23 Sep 2025 16:15:00 +0000

Type Values Removed Values Added
First Time appeared: Etruel; Etruel wpematico Rss Feed Fetcher; Wordpress; Wordpress wordpress
Vendors & Products: Etruel; Etruel wpematico Rss Feed Fetcher; Wordpress; Wordpress wordpress

Mon, 22 Sep 2025 18:30:00 +0000

Type Values Removed Values Added
Description Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in etruel WPeMatico RSS Feed Fetcher allows Retrieve Embedded Sensitive Data. This issue affects WPeMatico RSS Feed Fetcher: from n/a through 2.8.10.
Title WordPress WPeMatico RSS Feed Fetcher Plugin <= 2.8.10 - Sensitive Data Exposure Vulnerability
Weaknesses CWE-497
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:13:39.116Z

Reserved: 2025-08-22T11:36:33.371Z

Link: CVE-2025-57937

Vulnrichment

Updated: 2025-09-23T15:40:17.887Z

NVD

Status: Deferred

Published: 2025-09-22T19:15:51.223

Modified: 2026-04-23T15:33:04.707

Link: CVE-2025-57937

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T06:30:29Z

Weaknesses