Description
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme Review Schema review-schema allows Retrieve Embedded Sensitive Data.This issue affects Review Schema: from n/a through <= 2.2.6.
Published: 2026-03-25
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive Data Exposure
Action: Apply Patch
AI Analysis

Impact

The vulnerability in WordPress Review Schema allows an attacker in an unauthorized control sphere to retrieve embedded sensitive data from the plugin. This exposure leaks confidential system information that should be protected. The weakness is classified as CWE‑497, indicating improper handling or disclosure of sensitive data.

Affected Systems

The affected product is the RadiusTheme Review Schema plugin for WordPress. All releases from any earlier version up through 2.2.6 are impacted; no later releases are listed in the advisory.

Risk and Exploitability

The CVSS score of 6.5 indicates moderate severity. The EPSS score is below 1%, implying a low probability of exploitation at this time, and the issue is not listed in CISA’s KEV catalog. The likely attack vector is through the plugin’s interface, presumably requiring authenticated access to the WordPress admin area, though it could also be triggered by users who can load publicly exposed plugin endpoints. Successful exploitation would enable an attacker to read sensitive system data and could facilitate further malicious activity.

Generated by OpenCVE AI on March 26, 2026 at 19:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Review Schema to the latest version (2.2.7 or later if available).
  • If an update is not available, disable or uninstall the plugin to eliminate the vulnerability.
  • Verify that no publicly exposed endpoints in the plugin expose sensitive data.
  • Monitor the WordPress site for any unauthorized data disclosures.

Generated by OpenCVE AI on March 26, 2026 at 19:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 26 Mar 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 26 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Radiustheme
Radiustheme review Schema
Wordpress
Wordpress wordpress
Vendors & Products Radiustheme
Radiustheme review Schema
Wordpress
Wordpress wordpress

Wed, 25 Mar 2026 16:45:00 +0000

Type Values Removed Values Added
Description Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme Review Schema review-schema allows Retrieve Embedded Sensitive Data.This issue affects Review Schema: from n/a through <= 2.2.6.
Title WordPress Review Schema plugin <= 2.2.6 - Sensitive Data Exposure vulnerability
Weaknesses CWE-497
References

Subscriptions

Radiustheme Review Schema
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-23T14:14:08.534Z

Reserved: 2026-02-02T12:52:42.957Z

Link: CVE-2026-25344

cve-icon Vulnrichment

Updated: 2026-03-26T17:08:48.476Z

cve-icon NVD

Status : Deferred

Published: 2026-03-25T17:16:45.070

Modified: 2026-04-24T16:32:53.997

Link: CVE-2026-25344

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-27T09:45:59Z

Weaknesses