Description
Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout <= 1.8.2 versions.
Published: 2026-06-15
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability exists in WordPress ABC Crypto Checkout plugin versions up to 1.8.2, allowing unauthenticated access to sensitive data. An attacker can retrieve confidential transaction details or user information, potentially compromising privacy and confidentiality. The weakness arises from improper access controls, corresponding to CWE‑201.

Affected Systems

Affected is the WordPress ABC Crypto Checkout plugin by Al Monsor, specifically versions 1.8.2 and earlier. No other products or vendors are listed.

Risk and Exploitability

The CVSS score of 7.5 indicates high severity. The EPSS score is below 1%, suggesting a low probability of exploitation at present, and the vulnerability is not part of the CISA KEV catalog. An attacker can exploit the flaw remotely without authentication, based on the description. Based on the description, it is inferred that any user with web access could trigger the exposure. Based on the description, it is inferred that the attack requires only the ability to access the plugin’s exposed data endpoints, so the risk to networks or servers is primarily confidentiality loss.

Generated by OpenCVE AI on June 18, 2026 at 00:22 UTC.

Remediation

Vendor Solution

Update the WordPress ABC Crypto Checkout Plugin to the latest available version (at least 1.8.3).


OpenCVE Recommended Actions

  • Update the WordPress ABC Crypto Checkout Plugin to version 1.8.3 or later
  • Disable or uninstall any older versions of the plugin to prevent accidental use
  • Verify that plugin data endpoints are inaccessible to unauthenticated users and that user roles and permissions are configured correctly

Generated by OpenCVE AI on June 18, 2026 at 00:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 23 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Al Monsor
Al Monsor abc Crypto Checkout
Wordpress
Wordpress wordpress
Vendors & Products Al Monsor
Al Monsor abc Crypto Checkout
Wordpress
Wordpress wordpress

Tue, 16 Jun 2026 06:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 15 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Description Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout <= 1.8.2 versions.
Title WordPress ABC Crypto Checkout plugin <= 1.8.2 - Sensitive Data Exposure vulnerability
Weaknesses CWE-201
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}


Subscriptions

Al Monsor Abc Crypto Checkout
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-16T01:16:39.758Z

Reserved: 2026-06-08T10:11:03.696Z

Link: CVE-2026-52695

cve-icon Vulnrichment

Updated: 2026-06-16T01:16:35.184Z

cve-icon NVD

Status : Deferred

Published: 2026-06-15T21:17:24.227

Modified: 2026-06-15T21:24:32.790

Link: CVE-2026-52695

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-23T21:06:33Z

Weaknesses
  • CWE-201

    Insertion of Sensitive Information Into Sent Data