Sensitive Information Exposure in APIExperts Square for WooCommerce Plugin
CVE-2026-54848

8.3HIGH

Key Information:

Vendor

WordPress

Vendor
CVE Published:
25 June 2026

What is CVE-2026-54848?

A vulnerability exists in the APIExperts Square for WooCommerce plugin that allows attackers to retrieve embedded sensitive data from requests. The flaw, present in versions from n/a up to 4.7.3, could facilitate unauthorized access to critical information, posing significant risks to data security and user privacy. Sites using this plugin should take immediate action to apply patches and safeguard against potential exploitation.

Affected Version(s)

APIExperts Square for WooCommerce <= 4.7.3

References

CVSS V3.1

Score:
8.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Peng Zhou | Patchstack Bug Bounty Program
.