Description
Insertion of Sensitive Information Into Sent Data vulnerability in Premio Chaty chaty allows Retrieve Embedded Sensitive Data. This issue affects Chaty: from n/a through <= 3.5.1.
Published: 2026-03-05
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive Data Exposure
Action: Apply Patch
AI Analysis

Impact

This vulnerability arises from a flaw in the Premio Chaty WordPress plugin in which sensitive information is embedded in data the plugin sends and can subsequently be retrieved from it (CWE-201). The defect compromises the confidentiality of data handled by the chat interface, potentially exposing credentials, personal identifiers, or other privileged information to an attacker.

Affected Systems

WordPress sites that have installed the Premio Chaty plugin version 3.5.1 or earlier are affected, as the issue exists in all releases up to and including 3.5.1.

Risk and Exploitability

The CVSS score of 7.5 is rated High; the vector recorded in the History section (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) describes a network-reachable issue that needs no privileges or user interaction and affects confidentiality only. An EPSS score of less than 1% indicates the likelihood of widespread exploitation is low. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Exploitation is inferred to occur when an attacker can interact with the chat interface, either by accessing an account that uses the plugin or through cross-site inputs, allowing them to retrieve embedded sensitive data.

Generated by OpenCVE AI on April 16, 2026 at 05:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Premio Chaty plugin to a version newer than 3.5.1 as soon as the vendor releases a fix.
  • If upgrade is delayed, disable or restrict chat input fields that can carry sensitive data until the issue is resolved.
  • Verify that all configuration settings that expose data to the chat interface are reviewed and tightened, ensuring that no unintended sensitive information is injected or displayed.


Advisories

No advisories yet.

History

Fri, 06 Mar 2026 19:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added:
  cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}
  ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 06 Mar 2026 15:30:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added:
  Premio
  Premio chaty
  Wordpress
  Wordpress wordpress

Type: Vendors & Products
Values Removed: (none)
Values Added:
  Premio
  Premio chaty
  Wordpress
  Wordpress wordpress

Thu, 05 Mar 2026 06:15:00 +0000

Type: Description
Values Removed: (none)
Values Added: Insertion of Sensitive Information Into Sent Data vulnerability in Premio Chaty chaty allows Retrieve Embedded Sensitive Data. This issue affects Chaty: from n/a through <= 3.5.1.

Type: Title
Values Removed: (none)
Values Added: WordPress Chaty plugin <= 3.5.1 - Sensitive Data Exposure vulnerability

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-201

Type: References

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-01T14:15:12.467Z

Reserved: 2026-02-19T09:51:54.220Z

Link: CVE-2026-27370

Vulnrichment

Updated: 2026-03-06T18:56:04.973Z

NVD

Status: Awaiting Analysis

Published: 2026-03-05T06:16:26.620

Modified: 2026-03-06T19:16:16.413

Link: CVE-2026-27370

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T05:15:25Z

Weaknesses