CVE-2025-22303

Medium

Published: 07 January 2025

Published

07 January 2025

Modified

23 April 2026

KEV Added

—

Patch

—

CVSS Score 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS Score 0.0016 36.5th percentile

Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Description

Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster wp-mailster allows Retrieve Embedded Sensitive Data.This issue affects WP Mailster: from n/a through <= 1.8.17.0.

Security Summary

CVE-2025-22303 is an Insertion of Sensitive Information Into Sent Data vulnerability (CWE-201) in the WP Mailster WordPress plugin (wp-mailster) developed by brandtoss. The issue affects all versions from n/a through 1.8.17.0 and allows attackers to retrieve embedded sensitive data. Published on 2025-01-07, it has a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N), indicating medium severity with low confidentiality impact.

Unauthenticated remote attackers can exploit this vulnerability over the network with low complexity and no user interaction or privileges required. Exploitation enables retrieval of embedded sensitive data sent by the plugin, without impacting integrity or availability.

The Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/wp-mailster/vulnerability/wordpress-wp-mailster-plugin-1-8-17-0-sensitive-data-exposure-vulnerability?_s_id=cve provides further details on this sensitive data exposure vulnerability in WP Mailster version 1.8.17.0.

Details

CWE(s): CWE-201NVD-CWE-Other

Affected Products

wpmailster

wp mailster

≤ 1.8.18

References

https://patchstack.com/database/Wordpress/Plugin/wp-mailster/vulnerability/wordpress-wp-mailster-plugin-1-8-17-0-sensitive-data-exposure-vulnerability?_s_id=cve
Third Party Advisory · audit@patchstack.com