The Tribal
Monthly
The Tribal WordPress plugin through version 1.3.4 exposes sensitive data in outbound network communications, allowing unauthenticated remote attackers to retrieve embedded sensitive information with low complexity. The vulnerability stems from improper handling of sensitive data before transmission, classified as CWE-201 (Insertion of Sensitive Information Into Sent Data). With an EPSS score of 0.02% and no confirmed active exploitation, this represents a low real-world priority despite the network-accessible attack vector, suggesting the exposure may require specific conditions or have limited practical exploitability.
The Tribal WordPress plugin through version 1.3.4 exposes sensitive data in outbound network communications, allowing unauthenticated remote attackers to retrieve embedded sensitive information with low complexity. The vulnerability stems from improper handling of sensitive data before transmission, classified as CWE-201 (Insertion of Sensitive Information Into Sent Data). With an EPSS score of 0.02% and no confirmed active exploitation, this represents a low real-world priority despite the network-accessible attack vector, suggesting the exposure may require specific conditions or have limited practical exploitability.