Description
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Retrieve Embedded Sensitive Data.This issue affects AWP Classifieds: from n/a through <= 4.4.3.
Published: 2026-01-23
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive Data Exposure
Action: Apply Patch
AI Analysis

Impact

The vulnerability in Strategy11 Team AWP Classifieds allows an attacker to retrieve embedded sensitive data from a WordPress site. This results in unauthorized disclosure of system information that should be protected, potentially revealing user data, configuration details, and other confidential information. The weakness is rooted in improper handling of data retrieval, leading to direct exposure of sensitive data to an unauthorized control sphere.

Affected Systems

Affected systems include the WordPress AWP Classifieds plugin distributed by Strategy11 Team. The flaw exists in all versions up through 4.4.3, including any deployment that has not been upgraded beyond that release.

Risk and Exploitability

The CVSS score of 5.3 indicates a moderate risk, and the EPSS score of less than 1% suggests that exploitation is uncommon at this time. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is an unauthenticated web request that accesses a plugin endpoint exposing sensitive data. The impact is limited to confidentiality, with no evidence of remote code execution or denial of service in the provided data.

Generated by OpenCVE AI on April 16, 2026 at 07:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the AWP Classifieds plugin to a version newer than 4.4.3, or apply any vendor‑approved patch if available.
  • If upgrading is not possible or delayed, disable or remove the plugin from the WordPress installation to eliminate the vulnerable code path.
  • After changes, conduct a vulnerability scan or audit to confirm that no sensitive data retrieval endpoints remain and that the plugin no longer exposes confidential information.

Generated by OpenCVE AI on April 16, 2026 at 07:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 26 Jan 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Strategy11
Strategy11 awp Classifieds
Wordpress
Wordpress wordpress
Vendors & Products Strategy11
Strategy11 awp Classifieds
Wordpress
Wordpress wordpress

Fri, 23 Jan 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 23 Jan 2026 14:45:00 +0000

Type Values Removed Values Added
Description Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Retrieve Embedded Sensitive Data.This issue affects AWP Classifieds: from n/a through <= 4.4.3.
Title WordPress AWP Classifieds plugin <= 4.4.3 - Sensitive Data Exposure vulnerability
Weaknesses CWE-497
References

Subscriptions

Strategy11 Awp Classifieds
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:14:49.785Z

Reserved: 2026-01-23T12:32:12.342Z

Link: CVE-2026-24593

cve-icon Vulnrichment

Updated: 2026-01-23T20:46:14.019Z

cve-icon NVD

Status : Deferred

Published: 2026-01-23T15:16:17.247

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-24593

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T07:30:28Z

Weaknesses