Description
Insertion of Sensitive Information Into Sent Data vulnerability in themelooks FoodBook foodbook allows Retrieve Embedded Sensitive Data.This issue affects FoodBook: from n/a through <= 4.7.6.
Published: 2025-09-26
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The FoodBook plugin contains a vulnerability that allows an attacker to retrieve embedded sensitive data. The flaw arises from insecure handling of data that is inserted into outgoing responses, leading to exposure of information that should be protected. This results in a confidentiality breach and a moderate security impact, reflected in the CVSS score of 5.3.

Affected Systems

Affected systems include the WordPress FoodBook plugin from any version up to and including 4.7.6. All installations of the plugin within this range are potentially vulnerable.

Risk and Exploitability

The CVSS score indicates moderate severity, and the EPSS score of less than 1% suggests a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is remote: a threat actor can trigger the vulnerable code by accessing a WordPress site that uses the affected plugin, causing the plugin to send sensitive information back in the HTTP response. No additional prerequisites are specified, so a simple web request could potentially disclose data to anyone who can view the response.

Generated by OpenCVE AI on April 30, 2026 at 06:02 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the FoodBook plugin to version 4.7.7 or later, which removes the data leakage issue.
  • If an upgrade is not immediately possible, uninstall or disable the plugin to eliminate the data exposure risk.
  • Revoke any credentials or sensitive data that may have been exposed by the vulnerability.

Generated by OpenCVE AI on April 30, 2026 at 06:02 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-31275 Insertion of Sensitive Information Into Sent Data vulnerability in themelooks FoodBook allows Retrieve Embedded Sensitive Data. This issue affects FoodBook: from n/a through 4.7.1.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Insertion of Sensitive Information Into Sent Data vulnerability in themelooks FoodBook allows Retrieve Embedded Sensitive Data. This issue affects FoodBook: from n/a through 4.7.1. Insertion of Sensitive Information Into Sent Data vulnerability in themelooks FoodBook foodbook allows Retrieve Embedded Sensitive Data.This issue affects FoodBook: from n/a through <= 4.7.6.
Title WordPress FoodBook Plugin <= 4.7.1 - Sensitive Data Exposure Vulnerability WordPress FoodBook Plugin <= 4.7.6 - Sensitive Data Exposure Vulnerability
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

Mon, 29 Sep 2025 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Wordpress
Wordpress wordpress
Vendors & Products Wordpress
Wordpress wordpress

Fri, 26 Sep 2025 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 26 Sep 2025 08:45:00 +0000

Type Values Removed Values Added
Description Insertion of Sensitive Information Into Sent Data vulnerability in themelooks FoodBook allows Retrieve Embedded Sensitive Data. This issue affects FoodBook: from n/a through 4.7.1.
Title WordPress FoodBook Plugin <= 4.7.1 - Sensitive Data Exposure Vulnerability
Weaknesses CWE-201
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

Subscriptions

Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:13:55.693Z

Reserved: 2025-09-25T15:20:29.870Z

Link: CVE-2025-60125

cve-icon Vulnrichment

Updated: 2025-09-26T13:10:06.369Z

cve-icon NVD

Status : Deferred

Published: 2025-09-26T09:15:39.883

Modified: 2026-04-23T15:34:16.007

Link: CVE-2025-60125

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-30T06:15:29Z

Weaknesses
  • CWE-201

    Insertion of Sensitive Information Into Sent Data