CVE-2025-68029 MEDIUM

CVE-2025-68029: WordPress Wallet System for WooCommerce plugin <= 2.7.3 - Sensitive Data Exposure vulnerability

Vendor Wp Swings
Product Wallet System for WooCommerce
Weakness CWE-201
Published January 5, 2026
Last update April 29, 2026

CVSS base score

6.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

Insertion of Sensitive Information Into Sent Data vulnerability in WP Swings Wallet System for WooCommerce wallet-system-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Wallet System for WooCommerce: from n/a through <= 2.7.3.

Explanation of Vulnerability in Simple Terms

02Summary

The Wallet System for WooCommerce plugin contains an information disclosure vulnerability affecting versions up to 2.7.3. A logged-in attacker with low privileges can access sensitive data, modify certain settings, or disrupt service availability. The vulnerability requires network access and valid user credentials but no additional user interaction. Site administrators should update to a patched version immediately.

What an attacker can do

03Attacker Capabilities

Read sensitive data, modify settings, or cause service disruption with a valid user account.

Potential impact on your site

04Site Impact

Unauthorized users can view private information, alter plugin behavior, or degrade site performance.

Conditions required to exploit

05Prerequisites

Attacker must have a low-privilege user account on the site; network access required.

Key dates

06Disclosure timeline

January 5, 2026 CVE published
April 29, 2026 Record updated