What the vulnerability does
01Description
Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster wp-mailster allows Retrieve Embedded Sensitive Data.This issue affects WP Mailster: from n/a through <= 1.8.17.0.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
What the vulnerability does
Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster wp-mailster allows Retrieve Embedded Sensitive Data.This issue affects WP Mailster: from n/a through <= 1.8.17.0.
Explanation of Vulnerability in Simple Terms
WP Mailster versions up to 1.8.17.0 expose sensitive information through improper access controls. An unauthenticated attacker can read data that should be restricted, such as email addresses or configuration details. The vulnerability requires no user interaction and is remotely exploitable over the network.
What an attacker can do
Read sensitive data like email addresses or plugin configuration without authentication.
Potential impact on your site
Visitor and user email addresses or other restricted data may be exposed to anyone on the internet.
Conditions required to exploit
Network access to the WordPress site; no authentication or user interaction required.
Key dates
External resources