WordPress Plugin Vulnerabilities

Be POPIA Compliant < 1.1.6 - Unauthenticated Sensitive Information Exposure

Description

The plugin exposes sensitive information to unauthenticated users such as site visitors emails and usernames via an API route

Affects Plugins

Plugin icon
be-popia-compliant
Fixed in 1.1.6

References

CVE
CVE-2022-1186
URL
https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1186

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Chris Meistre
Verified
Yes
WPVDB ID
2cc20d47-1d9c-4a12-8418-2cc3ee98aa07

Timeline

Publicly Published
2022-03-30 (about 4 years ago)
Added
2022-03-30 (about 4 years ago)
Last Updated
2022-04-13 (about 4 years ago)

Other

Published
Title
Published
2023-11-24
Title
Prime Mover < 1.9.3 - Directory Listing to Sensitive Data Exposure
Published
2026-01-23
Title
Advanced WooCommerce Product Sales Reporting < 4.1.3 - Unauthenticated Information Exposure
Published
2024-04-22
Title
Email Customizer for WooCommerce | Drag and Drop Email Templates Builder < 2.6.1 - Information Exposure
Published
2025-08-27
Title
Xagio SEO < 7.1.0.6 - Unauthenticated Sensitive Information Exposure via Unprotected Back-Up Files
Published
2025-07-16
Title
JetTricks < 1.5.4.2 - Authenticated (Subscriber+) Information Exposure