Description
Insertion of Sensitive Information Into Sent Data vulnerability in WP Swings Wallet System for WooCommerce wallet-system-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Wallet System for WooCommerce: from n/a through <= 2.7.3.
Published: 2026-01-05
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

WordPress Wallet System for WooCommerce allows sensitive information to be inserted into data that is sent to users or other parties, exposing embedded data that may include account balances or personal identifiers. The flaw is an Information Exposure vulnerability classified as CWE-201.

Affected Systems

All installations of WP Swings Wallet System for WooCommerce version 2.7.3 or earlier are affected. The product is the Wallet System for WooCommerce plugin distributed by WP Swings.

Risk and Exploitability

Because the flaw involves handling of sensitive data during transmission, an attacker might obtain that data if they can influence the plugin’s output or intercept traffic. The CVSS score of 6.3 indicates medium severity, and the EPSS score is below 1%, suggesting a low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog, and no confirmed exploitation vectors are publicly disclosed, so the risk primarily concerns inadvertent exposure of sensitive content rather than active attacks.

Generated by OpenCVE AI on April 29, 2026 at 12:04 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Wallet System for WooCommerce plugin to a version newer than 2.7.3, or apply the vendor’s patch if available.
  • Disable or remove the plugin on WordPress sites where it is not required to reduce the attack surface.
  • Review the plugin’s configuration and network traffic to ensure that no sensitive data is embedded in packets, and consider using encryption or access controls to protect data in transit.

Generated by OpenCVE AI on April 29, 2026 at 12:04 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 29 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Insertion of Sensitive Information Into Sent Data vulnerability in WP Swings Wallet System for WooCommerce allows Retrieve Embedded Sensitive Data.This issue affects Wallet System for WooCommerce: from n/a through 2.7.2. Insertion of Sensitive Information Into Sent Data vulnerability in WP Swings Wallet System for WooCommerce wallet-system-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Wallet System for WooCommerce: from n/a through <= 2.7.3.
Title WordPress Wallet System for WooCommerce plugin <= 2.7.2 - Sensitive Data Exposure vulnerability WordPress Wallet System for WooCommerce plugin <= 2.7.3 - Sensitive Data Exposure vulnerability
References
Metrics cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}

Tue, 20 Jan 2026 15:30:00 +0000

Type Values Removed Values Added
References

Tue, 20 Jan 2026 14:45:00 +0000

Type Values Removed Values Added
References

Tue, 06 Jan 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 06 Jan 2026 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Wordpress
Wordpress wordpress
Wpswings
Wpswings wallet System For Woocommerce
Vendors & Products Wordpress
Wordpress wordpress
Wpswings
Wpswings wallet System For Woocommerce

Mon, 05 Jan 2026 11:00:00 +0000

Type Values Removed Values Added
Description Insertion of Sensitive Information Into Sent Data vulnerability in WP Swings Wallet System for WooCommerce allows Retrieve Embedded Sensitive Data.This issue affects Wallet System for WooCommerce: from n/a through 2.7.2.
Title WordPress Wallet System for WooCommerce plugin <= 2.7.2 - Sensitive Data Exposure vulnerability
Weaknesses CWE-201
References
Metrics cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}

Subscriptions

Wordpress Wordpress
Wpswings Wallet System For Woocommerce
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-29T09:56:32.090Z

Reserved: 2025-12-15T10:01:03.746Z

Link: CVE-2025-68029

cve-icon Vulnrichment

Updated: 2026-01-06T18:20:32.797Z

cve-icon NVD

Status : Deferred

Published: 2026-01-05T11:17:41.537

Modified: 2026-04-29T10:16:52.790

Link: CVE-2025-68029

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-29T12:15:09Z

Weaknesses