CVE-2026-54848 | Insertion of Sensitive Information Into Sent Data vulnerabil… | CVSS 8.3 HIGH

Description

Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects APIExperts Square for WooCommerce: from n/a through 4.7.3.

Metadata

CVE ID: CVE-2026-54848
State: PUBLISHED
Assigner: Patchstack
Reserved: 2026-06-16 09:22 UTC
Published: 2026-06-25 13:26 UTC
Last updated: 2026-06-25 14:24 UTC
Primary CWE: CWE-201
CWE-201 Insertion of Sensitive Information Into Sent Data
Vendor / Product: Saad Iqbal / APIExperts Square for WooCommerce
Sources: cve.org · NVD

Severity & Metrics

8.3 HIGH CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

SSVC — CISA Coordinator

Exploitation: none
Automatable: yes
Tech. Impact: partial

Affected products (1)

Vendor	Product	Platform	Versions
Saad Iqbal	APIExperts Square for WooCommerce	—	n/a ≤ 4.7.3

Weakness (CWE)

CWE	Source	Description
CWE-201	cna	CWE-201 Insertion of Sensitive Information Into Sent Data

CVSS scores (1)

Score	Severity	Version	Source	Vector
8.3	HIGH	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

References (1)

https://patchstack.com/database/wordpress/plugin/woosquare/vulnerability/wordpress-apiexperts-square-for-woocommerce-plugin-4-7-3-sensitive-data-exposure-vulnerability?_s_id=cve