Use of Hard-coded Credentials vulnerability in Risto Niinemets Estonian Shipping Methods for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects Estonian Shipping Methods for WooCommerce: from n/a through 1.7.2.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

No data.

No data.

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://patchstack.com/database/wordpress/plugin/estonian-shipping-methods-for-woocommerce/vulnerability/wordpress-estonian-shipping-methods-for-woocommerce-plugin-1-7-2-sensitive-data-exposure-vulnerability?_s_id=cve cve-icon cve-icon
History

Mon, 22 Sep 2025 18:30:00 +0000

Type Values Removed Values Added
Description Use of Hard-coded Credentials vulnerability in Risto Niinemets Estonian Shipping Methods for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects Estonian Shipping Methods for WooCommerce: from n/a through 1.7.2.
Title WordPress Estonian Shipping Methods for WooCommerce Plugin <= 1.7.2 - Sensitive Data Exposure Vulnerability
Weaknesses CWE-798
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2025-09-22T18:23:05.602Z

Reserved: 2025-09-03T09:03:29.730Z

Link: CVE-2025-58656

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2025-09-22T19:16:15.890

Modified: 2025-09-22T19:16:15.890

Link: CVE-2025-58656

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.