Impact
The vulnerability exists in WordPress ABC Crypto Checkout plugin versions up to 1.8.2, allowing unauthenticated access to sensitive data. An attacker can retrieve confidential transaction details or user information, potentially compromising privacy and confidentiality. The weakness arises from improper access controls, corresponding to CWE‑201.
Affected Systems
Affected is the WordPress ABC Crypto Checkout plugin by Al Monsor, specifically versions 1.8.2 and earlier. No other products or vendors are listed.
Risk and Exploitability
The CVSS score of 7.5 indicates high severity. The EPSS score is below 1%, suggesting a low probability of exploitation at present, and the vulnerability is not part of the CISA KEV catalog. An attacker can exploit the flaw remotely without authentication, based on the description. Based on the description, it is inferred that any user with web access could trigger the exposure. Based on the description, it is inferred that the attack requires only the ability to access the plugin’s exposed data endpoints, so the risk to networks or servers is primarily confidentiality loss.
OpenCVE Enrichment