Impact
The vulnerability permits the injection of sensitive information into data transmitted by the WordPress APIExperts Square for WooCommerce plugin, enabling an attacker to retrieve embedded sensitive data and thus breach confidentiality. It is identified as CWE‑201 Sensitive Data Exposure and has a CVSS base score of 8.3.
Affected Systems
Any WordPress site that installs the Saad Iqbal APIExperts Square for WooCommerce plugin version 4.7.3 or earlier is affected. No specific WordPress core or PHP version requirements are noted; any site running a vulnerable plugin version is at risk.
Risk and Exploitability
The high CVSS score reflects a serious potential danger. Because the EPSS score is unavailable, the exact likelihood of exploitation cannot be quantified, but the vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to be remote via the plugin’s API endpoints, as the weakness involves data sent out by the plugin. Should the exploit be successful, the attacker could read sensitive information that the plugin transmits. The lack of an available EPSS score underscores the need to treat the vulnerability with caution.
OpenCVE Enrichment