Description
Insertion of Sensitive Information Into Sent Data vulnerability in ThemeRuby Easy Post Submission easy-post-submission allows Retrieve Embedded Sensitive Data. This issue affects Easy Post Submission: from n/a through <= 1.7.0.
Published: 2025-10-22
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Easy Post Submission plugin inserts sensitive information into data that is sent back to users, which lets an attacker retrieve the embedded data and compromises confidentiality. This flaw is an instance of CWE-201, in which sensitive information is exposed through improper handling of outgoing data.

Affected Systems

WordPress sites that have the ThemeRuby Easy Post Submission plugin at version 1.7.0 or earlier are affected. Administrators should audit any installations from the earliest release up to and including 1.7.0 for potential exposure.

Risk and Exploitability

The CVSS score of 5.3 corresponds to Medium severity, while the EPSS score of less than 1% suggests a very low likelihood of exploitation at present. The vulnerability is not listed in the CISA KEV catalog, which lowers the perceived attack risk. The likely attack vector is remote, via the plugin's web interface, where an unauthenticated or authenticated user could trigger a request that returns sensitive data. Exploitation involves no privilege escalation or code execution; the risk is confined to loss of confidentiality.

Generated by OpenCVE AI on April 29, 2026 at 20:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Easy Post Submission plugin to a version newer than 1.7.0, where the data‑exposure flaw has been fixed.
  • If an immediate update is not possible, disable the plugin or restrict access to its endpoints, ensuring that no post‑submission data is sent back to users.
  • Conduct a code review of the plugin’s data handling, remove any hidden fields that contain sensitive information, and enforce proper encoding or encryption before sending responses.

Advisories

No advisories yet.

History

Mon, 27 Apr 2026 18:15:00 +0000

Type: Metrics
Values Removed: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 23 Apr 2026 15:00:00 +0000

Type: Metrics
Values Removed: cvssV3_1 {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}
Values Added: cvssV3_1 {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L'}


Tue, 20 Jan 2026 15:30:00 +0000


Tue, 20 Jan 2026 14:45:00 +0000


Thu, 13 Nov 2025 11:30:00 +0000


Thu, 13 Nov 2025 10:45:00 +0000


Thu, 23 Oct 2025 15:15:00 +0000

Type: Metrics
Values Added: cvssV3_1 {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}
Values Added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 23 Oct 2025 10:30:00 +0000

Type: First Time appeared
Values Added: Wordpress; Wordpress wordpress

Type: Vendors & Products
Values Added: Wordpress; Wordpress wordpress

Wed, 22 Oct 2025 14:45:00 +0000

Type: Description
Values Added: Insertion of Sensitive Information Into Sent Data vulnerability in ThemeRuby Easy Post Submission easy-post-submission allows Retrieve Embedded Sensitive Data. This issue affects Easy Post Submission: from n/a through <= 1.7.0.

Type: Title
Values Added: WordPress Easy Post Submission plugin <= 1.7.0 - Sensitive Data Exposure vulnerability

Type: Weaknesses
Values Added: CWE-201

Type: References

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:14:00.221Z

Reserved: 2025-10-07T15:34:37.453Z

Link: CVE-2025-62062

Vulnrichment

Updated: 2025-10-23T14:56:03.865Z

NVD

Status: Deferred

Published: 2025-10-22T15:16:05.343

Modified: 2026-04-27T17:16:31.230

Link: CVE-2025-62062

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-29T21:00:09Z

Weaknesses
  • CWE-201

    Insertion of Sensitive Information Into Sent Data