Description
Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal WP EasyPay wp-easy-pay allows Retrieve Embedded Sensitive Data. This issue affects WP EasyPay: from n/a through <= 4.3.0.
Published: 2026-05-12
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal WP EasyPay plugin allows attackers to retrieve embedded sensitive data. The flaw stems from inadequate handling of confidential information before it is transmitted, leading to unintended data exposure. As a result, attackers could obtain sensitive details such as user credentials or payment information, compromising user privacy and potentially serving as a foothold for further attacks. This weakness is classified as CWE‑201.

Affected Systems

The vulnerability affects the WP EasyPay WordPress plugin provided by Saad Iqbal, in all versions up to and including 4.3.0. Any WordPress site that has this plugin installed or activated at version 4.3.0 or earlier is at risk.

Risk and Exploitability

The CVSS score of 5.3 places this issue in the Medium severity range, indicating that the potential impact is notable but not critical. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting that widespread exploitation is currently not documented. The likely attack vector is remote: an attacker could send a web request to a WordPress site running the plugin and receive responses that contain the exposed sensitive data. No specific prerequisites are noted beyond access to the site, meaning any visitor who can reach the plugin’s exposed endpoints could potentially be affected.

Generated by OpenCVE AI on May 12, 2026 at 12:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the WP EasyPay plugin to a version newer than 4.3.0, ensuring the fix for the sensitive data exposure is applied.
  • Review the plugin’s configuration and any custom code to confirm that no sensitive data is included in responses, logs, or debug output.
  • Conduct a security review of the WordPress installation to verify that there are no residual data leakage paths and reinforce access controls where appropriate.


Advisories

No advisories yet.

History

Tue, 12 May 2026 14:15:00 +0000

Values Added (the Values Removed column is empty):
  • Metrics: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 12 May 2026 12:45:00 +0000

Values Added (the Values Removed column is empty):
  • First Time appeared: Saad Iqbal; Saad Iqbal wp Easypay; Wordpress; Wordpress wordpress
  • Vendors & Products: Saad Iqbal; Saad Iqbal wp Easypay; Wordpress; Wordpress wordpress

Tue, 12 May 2026 11:15:00 +0000

Values Added (the Values Removed column is empty):
  • Description: Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal WP EasyPay wp-easy-pay allows Retrieve Embedded Sensitive Data. This issue affects WP EasyPay: from n/a through <= 4.3.0.
  • Title: WordPress WP EasyPay plugin <= 4.3.0 - Sensitive Data Exposure vulnerability
  • Weaknesses: CWE-201
  • References:
  • Metrics: cvssV3_1 {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-05-12T12:37:50.712Z

Reserved: 2026-05-11T14:11:52.757Z

Link: CVE-2026-45215

Vulnrichment

Updated: 2026-05-12T12:37:29.550Z

NVD

Status: Deferred

Published: 2026-05-12T11:16:20.977

Modified: 2026-05-12T14:03:52.757

Link: CVE-2026-45215

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-12T12:30:15Z

Weaknesses
  • CWE-201: Insertion of Sensitive Information Into Sent Data