What the vulnerability does
01Description
Insertion of Sensitive Information Into Sent Data vulnerability in wowpress.host Fix Media Library wow-media-library-fix allows Retrieve Embedded Sensitive Data.This issue affects Fix Media Library: from n/a through <= 2.0.
Explanation of Vulnerability in Simple Terms
02Summary
Fix Media Library versions 2.0 and earlier expose sensitive information through the network without requiring authentication or user interaction. An attacker can read non-public data from the affected component. The vulnerability has a CVSS score of 5.3 (medium severity). A patched version is not yet publicly identified.
What an attacker can do
03Attacker Capabilities
Read sensitive information from the media library without logging in.
Potential impact on your site
04Site Impact
Confidential media library data may be exposed to unauthenticated visitors.
Conditions required to exploit
05Prerequisites
Network access to the site; no authentication or user interaction required.
Key dates
06Disclosure timeline
December 16, 2025
CVE published
April 28, 2026
Record updated