Impact
The vulnerability is an Insertion of Sensitive Information Into Sent Data flaw that allows an attacker to retrieve embedded sensitive data from form submissions. The flaw results in the accidental disclosure of confidential information that should not be exposed, potentially compromising user privacy and data integrity.
Affected Systems
The Softaculous FormLayer plugin for WordPress, specifically all releases from the original date through version 1.0.6, is impacted. Versions above 1.0.6 are not affected.
Risk and Exploitability
The CVSS score of 5.3 indicates moderate severity, and no EPSS score is available, so precise likelihood of exploitation is unknown. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is remote exploitation via accessible web forms, as the plugin processes user-submitted data and sends it to external destinations.
OpenCVE Enrichment