CVE-2025-58656 MEDIUM

CVE-2025-58656: WordPress Estonian Shipping Methods for WooCommerce Plugin <= 1.7.2 - Sensitive Data Exposure Vulnerability

Vendor Risto Niinemets
Product Estonian Shipping Methods for WooCommerce
Weakness CWE-798 · Hardcoded credentials
Published September 22, 2025
Last update May 12, 2026

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Use of Hard-coded Credentials vulnerability in Risto Niinemets Estonian Shipping Methods for WooCommerce estonian-shipping-methods-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Estonian Shipping Methods for WooCommerce: from n/a through <= 1.7.2.

Explanation of Vulnerability in Simple Terms

02Summary

The Estonian Shipping Methods for WooCommerce plugin through version 1.7.2 contains hardcoded credentials or API keys that can be extracted from the plugin code. An attacker with network access can read these credentials without authentication, potentially gaining unauthorized access to shipping service integrations or related accounts.

What an attacker can do

03Attacker Capabilities

Read hardcoded credentials or API keys from the plugin without authentication.

Potential impact on your site

04Site Impact

Shipping service credentials may be compromised, allowing unauthorized access to shipping accounts or service disruption.

Conditions required to exploit

05Prerequisites

Network access to the site; no authentication or user interaction required.

Key dates

06Disclosure timeline

September 22, 2025 CVE published
May 12, 2026 Record updated