Description
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Aethonic Poptics poptics allows Retrieve Embedded Sensitive Data. This issue affects Poptics: from n/a through <= 1.0.20.
Published: 2025-12-30
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows an unauthorized party to retrieve embedded sensitive data from the WordPress Poptics plugin. Classified as CWE-497, it is a classic Sensitive Data Exposure flaw, enabling the disclosure of information that should be restricted to authorized users.

Affected Systems

Aethonic Poptics plugin for WordPress, versions from the earliest available build up to and including 1.0.20, are affected. No other vendors or products are listed in the CNA data.

Risk and Exploitability

The EPSS score of less than 1% indicates that active exploitation is unlikely, and the flaw is not listed in the CISA KEV catalog, so no known active exploits exist. The CVSS score of 4.3 denotes a moderate severity, reflecting a measurable risk to confidentiality. Likely, an attacker could exploit the flaw remotely via an unauthenticated web request to the plugin’s exposed interfaces (inferred).

Generated by OpenCVE AI on April 29, 2026 at 11:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the WordPress Poptics plugin to any version newer than 1.0.20.
  • If an update is not feasible, disable or remove the Poptics plugin to eliminate the data exposure pathway.
  • After disabling or updating, audit WordPress configuration and logs for evidence of prior data exposure and ensure no sensitive information remains exposed in files or components.

Advisories

No advisories yet.

History

Wed, 01 Apr 2026 23:45:00 +0000

Description
  Values Removed: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Aethonic Poptics: AI-Powered Popup Builder for Lead Generation, Conversions, Exit-Intent, Email Opt-ins & WooCommerce Sales poptics allows Retrieve Embedded Sensitive Data. This issue affects Poptics: AI-Powered Popup Builder for Lead Generation, Conversions, Exit-Intent, Email Opt-ins & WooCommerce Sales: from n/a through <= 1.0.20.
  Values Added: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Aethonic Poptics poptics allows Retrieve Embedded Sensitive Data. This issue affects Poptics: from n/a through <= 1.0.20.
Title
  Values Removed: WordPress Poptics: AI-Powered Popup Builder for Lead Generation, Conversions, Exit-Intent, Email Opt-ins & WooCommerce Sales plugin <= 1.0.20 - Sensitive Data Exposure vulnerability
  Values Added: WordPress Poptics plugin <= 1.0.20 - Sensitive Data Exposure vulnerability

Tue, 20 Jan 2026 15:30:00 +0000


Tue, 20 Jan 2026 14:45:00 +0000


Mon, 05 Jan 2026 10:45:00 +0000

First Time appeared
  Values Removed: (none)
  Values Added: Aethonic, Aethonic poptics, Woocommerce, Woocommerce woocommerce, Wordpress, Wordpress wordpress
Vendors & Products
  Values Removed: (none)
  Values Added: Aethonic, Aethonic poptics, Woocommerce, Woocommerce woocommerce, Wordpress, Wordpress wordpress

Fri, 02 Jan 2026 21:15:00 +0000

Metrics
  Values Removed: (none)
  Values Added:
    cvssV3_1: {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}
    ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 30 Dec 2025 11:00:00 +0000

Description
  Values Removed: (none)
  Values Added: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Aethonic Poptics: AI-Powered Popup Builder for Lead Generation, Conversions, Exit-Intent, Email Opt-ins & WooCommerce Sales poptics allows Retrieve Embedded Sensitive Data. This issue affects Poptics: AI-Powered Popup Builder for Lead Generation, Conversions, Exit-Intent, Email Opt-ins & WooCommerce Sales: from n/a through <= 1.0.20.
Title
  Values Removed: (none)
  Values Added: WordPress Poptics: AI-Powered Popup Builder for Lead Generation, Conversions, Exit-Intent, Email Opt-ins & WooCommerce Sales plugin <= 1.0.20 - Sensitive Data Exposure vulnerability
Weaknesses
  Values Removed: (none)
  Values Added: CWE-497
References

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T20:33:46.355Z

Reserved: 2025-12-29T11:18:35.617Z

Link: CVE-2025-69025

Vulnrichment

Updated: 2026-01-02T21:07:38.984Z

NVD

Status: Deferred

Published: 2025-12-30T11:16:01.007

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-69025

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-29T11:30:09Z

Weaknesses