What the vulnerability does
01Description
Insertion of Sensitive Information Into Sent Data vulnerability in ThemeRuby Easy Post Submission easy-post-submission allows Retrieve Embedded Sensitive Data.This issue affects Easy Post Submission: from n/a through <= 1.7.0.
Explanation of Vulnerability in Simple Terms
02Summary
Easy Post Submission versions up to 1.7.0 contain an information disclosure vulnerability affecting high-privilege users. An authenticated administrator can trigger a condition that leaks sensitive data across system boundaries due to improper access controls. The vulnerability requires high attack complexity and administrative credentials to exploit, limiting its practical impact to insider threats or compromised admin accounts.
What an attacker can do
03Attacker Capabilities
Read sensitive information from the site or connected systems if they have admin access.
Potential impact on your site
04Site Impact
If an admin account is compromised, an attacker can access confidential data beyond the plugin's scope.
Conditions required to exploit
05Prerequisites
Attacker must have administrator-level credentials and perform specific actions to trigger the flaw.
Key dates
06Disclosure timeline
October 22, 2025
CVE published
April 28, 2026
Record updated