What the vulnerability does
01Description
Use of Hard-coded Credentials vulnerability in Risto Niinemets Estonian Shipping Methods for WooCommerce estonian-shipping-methods-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Estonian Shipping Methods for WooCommerce: from n/a through <= 1.7.2.
Explanation of Vulnerability in Simple Terms
02Summary
The Estonian Shipping Methods for WooCommerce plugin through version 1.7.2 contains hardcoded credentials or API keys that can be extracted from the plugin code. An attacker with network access can read these credentials without authentication, potentially gaining unauthorized access to shipping service integrations or related accounts.
What an attacker can do
03Attacker Capabilities
Read hardcoded credentials or API keys from the plugin without authentication.
Potential impact on your site
04Site Impact
Shipping service credentials may be compromised, allowing unauthorized access to shipping accounts or service disruption.
Conditions required to exploit
05Prerequisites
Network access to the site; no authentication or user interaction required.
Key dates
06Disclosure timeline
September 22, 2025
CVE published
May 12, 2026
Record updated