CVE-2025-49419 MEDIUM

CVE-2025-49419: WordPress Foxit eSign for WordPress plugin <= 2.0.3 - Other Vulnerability Type Vulnerability

Vendor Esigngenie
Product Foxit eSign for WordPress
Weakness CWE-497
Published June 6, 2025
Last update April 28, 2026

CVSS base score

5.5/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N

What the vulnerability does

01 Description

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in esigngenie Foxit eSign for WordPress (esign-genie-for-wp) allows Retrieve Embedded Sensitive Data. This issue affects Foxit eSign for WordPress: from n/a through <= 2.0.3.

Explanation of Vulnerability in Simple Terms

02 Summary

The Foxit eSign for WordPress plugin through version 2.0.3 exposes sensitive information to authenticated administrators. An attacker with high-level site access can read data they should not have permission to view. The vulnerability requires administrator privileges and does not affect site availability or allow data modification.

What an attacker can do

03 Attacker Capabilities

Read sensitive information they should not have access to as an administrator.

Potential impact on your site

04 Site Impact

Administrators with malicious intent or compromised admin accounts can access confidential data stored by the plugin.

Conditions required to exploit

05 Prerequisites

Attacker must have administrator-level access to the WordPress site.

Key dates

06 Disclosure timeline

June 6, 2025 CVE published
April 28, 2026 Record updated