What the vulnerability does
01Description
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in etruel WPeMatico RSS Feed Fetcher wpematico allows Retrieve Embedded Sensitive Data.This issue affects WPeMatico RSS Feed Fetcher: from n/a through <= 2.8.10.
Explanation of Vulnerability in Simple Terms
02Summary
WPeMatico RSS Feed Fetcher versions 2.8.10 and earlier contain an exposure of sensitive information vulnerability. An authenticated user with low privileges can read data that should be restricted. The vulnerability requires network access and valid login credentials but no additional user interaction. Update to a version newer than 2.8.10.
What an attacker can do
03Attacker Capabilities
Read sensitive data accessible through the plugin that should be restricted from their privilege level.
Potential impact on your site
04Site Impact
Authenticated users can access confidential information they shouldn't see, risking data exposure.
Conditions required to exploit
05Prerequisites
Attacker must have a valid WordPress user account with low-level privileges and network access.
Key dates
06Disclosure timeline
September 22, 2025
CVE published
April 28, 2026
Record updated