Description
Use of Hard-coded Credentials vulnerability in Risto Niinemets Estonian Shipping Methods for WooCommerce estonian-shipping-methods-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Estonian Shipping Methods for WooCommerce: from n/a through <= 1.7.2.
Published: 2025-09-22
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is caused by hard‑coded credentials embedded in the Estonian Shipping Methods for WooCommerce plugin. An attacker who can obtain these credentials can retrieve sensitive data stored by the plugin, resulting in a confidentiality breach. This weakness is classified as CWE‑798, hard‑coded credentials. The impact is the exposure of data that should be protected, without affecting system integrity or availability.

Affected Systems

Risto Niinemets Estonian Shipping Methods for WooCommerce plugin, versions 1.7.2 and earlier.

Risk and Exploitability

The CVSS score of 5.3 indicates a moderate severity. The EPSS score is less than 1%, suggesting a very low exploitation probability for the current market. The vulnerability is not listed in CISA KEV. Exploitation requires knowledge of the hard‑coded credentials; an attacker could trigger the data retrieval by sending crafted requests to the plugin’s endpoints or via the admin interface. The likely attack vector is an authenticated or unauthenticated request to the plugin once the credentials are known.

Generated by OpenCVE AI on April 30, 2026 at 01:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the plugin to the latest version (1.7.3 or newer) which removes the hard‑coded credentials.
  • Regenerate or revoke any sensitive data that may have been exposed due to the compromised credentials.
  • Review and harden all plugin configuration files, ensuring that no secrets are stored in the codebase.

Generated by OpenCVE AI on April 30, 2026 at 01:39 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-30530 Use of Hard-coded Credentials vulnerability in Risto Niinemets Estonian Shipping Methods for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects Estonian Shipping Methods for WooCommerce: from n/a through 1.7.2.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Use of Hard-coded Credentials vulnerability in Risto Niinemets Estonian Shipping Methods for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects Estonian Shipping Methods for WooCommerce: from n/a through 1.7.2. Use of Hard-coded Credentials vulnerability in Risto Niinemets Estonian Shipping Methods for WooCommerce estonian-shipping-methods-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Estonian Shipping Methods for WooCommerce: from n/a through <= 1.7.2.
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

Tue, 23 Sep 2025 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 23 Sep 2025 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Risto Niinemets
Risto Niinemets estonian Shipping Methods
Woocommerce
Woocommerce woocommerce
Wordpress
Wordpress wordpress
Vendors & Products Risto Niinemets
Risto Niinemets estonian Shipping Methods
Woocommerce
Woocommerce woocommerce
Wordpress
Wordpress wordpress

Mon, 22 Sep 2025 18:30:00 +0000

Type Values Removed Values Added
Description Use of Hard-coded Credentials vulnerability in Risto Niinemets Estonian Shipping Methods for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects Estonian Shipping Methods for WooCommerce: from n/a through 1.7.2.
Title WordPress Estonian Shipping Methods for WooCommerce Plugin <= 1.7.2 - Sensitive Data Exposure Vulnerability
Weaknesses CWE-798
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

Subscriptions

Risto Niinemets Estonian Shipping Methods
Woocommerce Woocommerce
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-05-12T00:55:05.565Z

Reserved: 2025-09-03T09:03:29.730Z

Link: CVE-2025-58656

cve-icon Vulnrichment

Updated: 2025-09-23T16:01:24.294Z

cve-icon NVD

Status : Deferred

Published: 2025-09-22T19:16:15.890

Modified: 2026-04-23T15:33:32.313

Link: CVE-2025-58656

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-30T01:45:06Z

Weaknesses