What the vulnerability does
Description
Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster wp-mailster allows Retrieve Embedded Sensitive Data. This issue affects WP Mailster: from n/a through <= 1.8.16.0.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Explanation of Vulnerability in Simple Terms
WP Mailster versions up to 1.8.16.0 contain an information disclosure vulnerability that allows authenticated users to read sensitive data they should not have access to. The vulnerability requires a valid WordPress account but no additional user interaction. An attacker with low-privilege credentials can extract confidential information from the plugin's operations.
What an attacker can do
Read sensitive data the attacker should not have access to.
Potential impact on your site
User data or plugin configuration details may be exposed to any authenticated WordPress user.
Conditions required to exploit
Attacker must have a valid WordPress user account with at least low-level privileges.
Key dates
External resources