Description
Insertion of Sensitive Information Into Sent Data vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Retrieve Embedded Sensitive Data. This issue affects Smart Online Order for Clover: from n/a through <= 1.6.0.
Published: 2026-05-27
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Insertion of Sensitive Information Into Sent Data vulnerability in ZAYTECH Smart Online Order for Clover plugin allows retrieval of embedded sensitive data. This vulnerability exposes confidential information that should remain private, potentially leading to data breaches. The weakness is classified as CWE‑201, indicating improper handling of sensitive data during transmission.

Affected Systems

The affected product is the WordPress Smart Online Order for Clover plugin released by ZAYTECH, with vulnerable versions ranging from the earliest release up to and including version 1.6.0. Systems running WordPress with this plugin installed, regardless of other configurations, are susceptible.

Risk and Exploitability

The CVSS score of 7.3 reflects high severity, while the EPSS score is not available, making it unclear how frequently attackers are targeting this flaw. The vulnerability does not appear in the CISA KEV catalog, suggesting no confirmed large‑scale exploitation. Based on the plugin's role in transmitting order data, the likely attack vector is a remote web‑based exploitation of the WordPress site, where an attacker can manipulate request parameters to trigger the exposure of sensitive information. Exploitation requires access to the site or an ability to send crafted requests to the plugin endpoint.

Generated by OpenCVE AI on May 27, 2026 at 11:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Smart Online Order for Clover plugin to a version that fixes the issue (≥ 1.6.1).
  • If an update is not immediately possible, disable or remove the plugin from the WordPress installation.
  • Configure the WordPress site to enforce HTTPS for all data transmissions to prevent the leakage of sensitive information over plain‑text connections.
  • Monitor server and application logs for unauthorized data exposure activities and review access patterns regularly.


Advisories

No advisories yet.

History

Wed, 27 May 2026 12:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Wordpress; Wordpress wordpress; Zaytech; Zaytech smart Online Order For Clover
Vendors & Products | | Wordpress; Wordpress wordpress; Zaytech; Zaytech smart Online Order For Clover

Wed, 27 May 2026 11:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 27 May 2026 10:30:00 +0000

Type | Values Removed | Values Added
Description | | Insertion of Sensitive Information Into Sent Data vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Retrieve Embedded Sensitive Data. This issue affects Smart Online Order for Clover: from n/a through <= 1.6.0.
Title | | WordPress Smart Online Order for Clover plugin <= 1.6.0 - Sensitive Data Exposure vulnerability
Weaknesses | | CWE-201
References | |
Metrics | | cvssV3_1 {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-05-27T10:50:46.565Z

Reserved: 2026-04-29T09:05:30.887Z

Link: CVE-2026-42746

Vulnrichment

Updated: 2026-05-27T10:50:41.399Z

NVD

Status: Received

Published: 2026-05-27T11:16:21.057

Modified: 2026-05-27T11:16:21.057

Link: CVE-2026-42746

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-27T12:00:32Z

Weaknesses