Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Authenticated low-privileged WordPress user reads subscriber data over the network; CWE-201 is a confidentiality-only disclosure, so I:N/A:N and no scope change.
Primary rating from Vendor (Patchstack).
CVSS VectorVendor: Patchstack
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Lifecycle Timeline
1DescriptionCVE.org
Subscriber Sensitive Data Exposure in PushEngage - Web Push Notifications, eCommerce Automation & Chat Widget <= 4.2.3 versions.
AnalysisAI
Sensitive data exposure in the PushEngage WordPress plugin (versions <= 4.2.3) allows authenticated low-privileged users to access subscriber information that should remain protected. The flaw, reported by Patchstack and tracked as CWE-201 (Insertion of Sensitive Information Into Sent Data), affects WordPress sites running the Web Push Notifications, eCommerce Automation & Chat Widget plugin and carries a CVSS 3.1 score of 7.4 with a scope change. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires (1) a WordPress site with the PushEngage - Web Push Notifications, eCommerce Automation & Chat Widget plugin installed and active at version 4.2.3 or earlier, (2) network reachability to the site's admin-ajax or REST API surface, and (3) an authenticated session at a low privilege level (PR:L per the CVSS vector - typically Subscriber or Contributor, achievable on sites that allow open user registration). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L) shows network reachability, low complexity, low privileges required, no user interaction, and - notably - a scope change with low impact across all three CIA properties, yielding a 7.4 score driven largely by S:C rather than by severe individual impacts. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has registered or obtained any low-privileged WordPress account (e.g., Subscriber or Contributor) on a site running PushEngage <= 4.2.3 authenticates and issues a crafted request to a PushEngage endpoint that returns subscriber data. The response leaks subscriber records belonging to the site, allowing the attacker to harvest a list of push-notification subscribers for phishing, spam, or follow-on targeting. … |
| Remediation | Patch available per vendor advisory - upgrade the PushEngage plugin to a version newer than 4.2.3 as published on the WordPress.org plugin repository, consulting the Patchstack record at https://patchstack.com/database/wordpress/plugin/pushengage/vulnerability/wordpress-pushengage-web-push-notifications-ecommerce-automation-chat-widget-plugin-4-2-3-sensitive-data-exposure-vulnerability for the exact fixed release. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: disable or deactivate the PushEngage plugin on all affected WordPress installations and audit recent access logs for unauthorized subscriber data retrieval by low-privileged accounts. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37626