What the vulnerability does
01Description
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Rami Yushuvaev Site Info site-info-dashboard-widget allows Retrieve Embedded Sensitive Data.This issue affects Site Info: from n/a through <= 1.1.
Explanation of Vulnerability in Simple Terms
02Summary
Site Info versions 1.1 and earlier expose sensitive information to authenticated administrators. An admin with high privileges can read non-public site details through the application. The exposure is limited to confidentiality; no data modification or service disruption occurs. Update to a version newer than 1.1 when available.
What an attacker can do
03Attacker Capabilities
Read sensitive site information if they have high-level admin access.
Potential impact on your site
04Site Impact
Admins with elevated privileges can access information they shouldn't; risk is low if admin accounts are well-controlled.
Conditions required to exploit
05Prerequisites
Attacker must be authenticated as a high-privilege administrator; no user interaction required.
Key dates
06Disclosure timeline
September 5, 2025
CVE published
May 12, 2026
Record updated