CVE-2026-54848

Publié : 25 juin 2026

Modifié : 25 juin 2026

Score CVSS

8.3

HIGH

Description détaillée

Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects APIExperts Square for WooCommerce: from n/a through 4.7.3.

Vecteur d'attaque (CVSS)

Vecteur brut :CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Références et Patchs

https://patchstack.com/database/wordpress/plugin/woosquare/vulnerability/wordpress-apiexperts-square-for-woocommerce-plugin-4-7-3-sensitive-data-exposure-vulnerability?_s_id=cve

Dernières Vulnérabilités

CVE-2026-9718

CWE-617 Reachable Assertion vulnerability exists that could allow an authenticated attacker to trigger a denial-of-service condition, impacting system availability when a specially crafted request is sent to a vulnerable network-exposed service.

VOIR DÉTAILS

CVE-2026-9717

CWE-78 Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could allow unauthorized execution of commands with elevated privileges, impacting system integrity, confidentiality, and availability when a privileged authenticated user interacts with a vulnerable network-exposed service.

VOIR DÉTAILS

CVE-2026-9716

CWE-476 NULL Pointer Dereference vulnerability exists that could cause a denial-of-service condition, rendering the device’s HMI and configuration functionality unavailable when malformed requests are received over exposed network interfaces.

VOIR DÉTAILS