What is the CVSS score of CVE-2026-42746?

CVE-2026-42746 has a CVSS 3.1 base score of 7.3 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L. EPSS exploitation probability: 0.0%.

Which versions of Smart Online Order for Clover are affected by CVE-2026-42746?

The ZAYTECH 'Smart Online Order for Clover' WordPress plugin (versions through 1.6.0) exposes sensitive embedded information to unauthenticated remote attackers without requiring authentication or…

Smart Online Order for Clover CVE-2026-42746

Q: How to fix or mitigate CVE-2026-42746?

Within 24 hours: Identify all instances of the plugin in production and development environments; review access logs for suspicious requests targeting plugin endpoints. Within 7 days: Conduct data exposure assessment to determine what information has been accessible; rotate any embedded API keys or credentials; evaluate alternative Clover-compatible WordPress plugins. Within 30 days: Complete migration to a replacement solution or implement compensating controls below; if continuation is unavoidable, escalate to vendor for patch timeline commitment.

EUVD-2026-32195 HIGH

Insertion of Sensitive Information Into Sent Data (CWE-201)

2026-05-27 audit@patchstack.com

GHSA-r797-7chf-m2f5

Information Disclosure

7.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Lifecycle Timeline

Analysis Generated

May 27, 2026 - 20:55 vuln.today

DescriptionNVD

Insertion of Sensitive Information Into Sent Data vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Retrieve Embedded Sensitive Data.This issue affects Smart Online Order for Clover: from n/a through <= 1.6.0.

AnalysisAI

Sensitive data exposure in the ZAYTECH "Smart Online Order for Clover" WordPress plugin (all versions through 1.6.0) allows remote unauthenticated attackers to retrieve embedded sensitive information that the plugin inserts into data it sends. The CVSS 3.1 base score is 7.3 with a network/no-auth vector but only Low impact across confidentiality, integrity, and availability. …

RemediationAI

Within 24 hours: Identify all instances of the plugin in production and development environments; review access logs for suspicious requests targeting plugin endpoints. Within 7 days: Conduct data exposure assessment to determine what information has been accessible; rotate any embedded API keys or credentials; evaluate alternative Clover-compatible WordPress plugins. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-42746 vulnerability details – vuln.today

Back