Description
Insertion of Sensitive Information Into Sent Data vulnerability in Sovlix MeetingHub meetinghub allows Retrieve Embedded Sensitive Data.This issue affects MeetingHub: from n/a through <= 1.23.9.
Published: 2025-11-06
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows the insertion and retrieval of sensitive information within the MeetingHub plugin’s data payloads. Leveraging this flaw, an attacker could extract embedded confidential data that the plugin processes, thereby compromising confidentiality. The weakness is classified as CWE‑201 and carries a CVSS score of 6.5.

Affected Systems

All installations of the Sovlix MeetingHub WordPress plugin up to and including version 1.23.9 are affected. The issue is present from the earliest releases of the plugin through the stated maximum affected version.

Risk and Exploitability

The EPSS score of less than 1 % indicates a low probability of exploitation at present, and the flaw is not listed in the CISA KEV catalog. The description does not specify the exact attack vector or authentication requirements; it can be inferred that exploitation would likely involve the plugin’s normal operational paths, but the specific conditions are not detailed in the advisory.

Generated by OpenCVE AI on April 30, 2026 at 05:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the MeetingHub plugin to the latest version that eliminates the data‑exposure flaw.
  • If a newer version is not yet available, disable or delete the plugin until an update is released.
  • Configure WordPress role permissions to restrict access to meeting data and enforce least‑privilege principles.

Generated by OpenCVE AI on April 30, 2026 at 05:06 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}

 cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

Tue, 20 Jan 2026 15:30:00 +0000

Type Values Removed Values Added
References

Tue, 20 Jan 2026 14:45:00 +0000

Type Values Removed Values Added
References

Thu, 13 Nov 2025 11:30:00 +0000

Type Values Removed Values Added
References

Thu, 13 Nov 2025 10:45:00 +0000

Type Values Removed Values Added
References

Thu, 06 Nov 2025 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Wordpress
Wordpress wordpress
Vendors & Products Wordpress
Wordpress wordpress

Thu, 06 Nov 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 06 Nov 2025 16:00:00 +0000

Type Values Removed Values Added
Description Insertion of Sensitive Information Into Sent Data vulnerability in Sovlix MeetingHub meetinghub allows Retrieve Embedded Sensitive Data.This issue affects MeetingHub: from n/a through <= 1.23.9.
Title WordPress MeetingHub plugin <= 1.23.9 - Sensitive Data Exposure vulnerability
Weaknesses CWE-201
References

Subscriptions

Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:13:59.417Z

Reserved: 2025-10-07T15:34:26.390Z

Link: CVE-2025-62038

cve-icon Vulnrichment

Updated: 2025-11-06T18:21:55.371Z

cve-icon NVD

Status : Deferred

Published: 2025-11-06T16:16:10.230

Modified: 2026-04-27T17:16:30.613

Link: CVE-2025-62038

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-30T05:15:28Z

Weaknesses
  • CWE-201

    Insertion of Sensitive Information Into Sent Data