{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24593", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-01-23T12:32:12.342Z", "datePublished": "2026-01-23T14:29:01.171Z", "dateUpdated": "2026-04-28T16:14:49.785Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "another-wordpress-classifieds-plugin", "product": "AWP Classifieds", "vendor": "Strategy11 Team", "versions": [{"changes": [{"at": "4.4.4", "status": "unaffected"}], "lessThanOrEqual": "4.4.3", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Phat RiO | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:05:49.968Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Retrieve Embedded Sensitive Data.<p>This issue affects AWP Classifieds: from n/a through <= 4.4.3.</p>"}], "value": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Retrieve Embedded Sensitive Data.This issue affects AWP Classifieds: from n/a through <= 4.4.3."}], "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "Retrieve Embedded Sensitive Data"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-497", "description": "Exposure of Sensitive System Information to an Unauthorized Control Sphere", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:49.785Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/another-wordpress-classifieds-plugin/vulnerability/wordpress-awp-classifieds-plugin-4-4-3-sensitive-data-exposure-vulnerability?_s_id=cve"}], "title": "WordPress AWP Classifieds plugin <= 4.4.3 - Sensitive Data Exposure vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-23T20:46:28.027285Z", "id": "CVE-2026-24593", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T14:32:48.639Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24593", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-23T20:46:28.027285Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-23T20:46:14.019Z"}}], "cna": {"title": "WordPress AWP Classifieds plugin <= 4.4.3 - Sensitive Data Exposure vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "Phat RiO | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "Retrieve Embedded Sensitive Data"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Strategy11 Team", "product": "AWP Classifieds", "versions": [{"status": "affected", "changes": [{"at": "4.4.4", "status": "unaffected"}], "version": "0", "versionType": "custom", "lessThanOrEqual": "4.4.3"}], "packageName": "another-wordpress-classifieds-plugin", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "datePublic": "2026-04-28T13:26:25.738Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/another-wordpress-classifieds-plugin/vulnerability/wordpress-awp-classifieds-plugin-4-4-3-sensitive-data-exposure-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Retrieve Embedded Sensitive Data.This issue affects AWP Classifieds: from n/a through <= 4.4.3.", "supportingMedia": [{"type": "text/html", "value": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Retrieve Embedded Sensitive Data.<p>This issue affects AWP Classifieds: from n/a through <= 4.4.3.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-497", "description": "Exposure of Sensitive System Information to an Unauthorized Control Sphere"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T12:10:45.491Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24593", "state": "PUBLISHED", "dateUpdated": "2026-04-28T14:32:48.639Z", "dateReserved": "2026-01-23T12:32:12.342Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-01-23T14:29:01.171Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Retrieve Embedded Sensitive Data.This issue affects AWP Classifieds: from n/a through <= 4.4.3."}, {"lang": "es", "value": "Vulnerabilidad de exposici\u00f3n de informaci\u00f3n sensible del sistema a una esfera de control no autorizada en el plugin Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin permite recuperar datos sensibles incrustados. Este problema afecta a AWP Classifieds: desde n/a hasta &lt;= 4.4.3."}], "id": "CVE-2026-24593", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-01-23T15:16:17.247", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/another-wordpress-classifieds-plugin/vulnerability/wordpress-awp-classifieds-plugin-4-4-3-sensitive-data-exposure-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-497"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-16T07:25:43.611446+00:00", "value": {"mitigation_remediation": ["Upgrade the AWP Classifieds plugin to a version newer than 4.4.3, or apply any vendor\u2011approved patch if available.", "If upgrading is not possible or delayed, disable or remove the plugin from the WordPress installation to eliminate the vulnerable code path.", "After changes, conduct a vulnerability scan or audit to confirm that no sensitive data retrieval endpoints remain and that the plugin no longer exposes confidential information."], "summary": {"action": "Apply Patch", "impact": "Sensitive Data Exposure"}, "threat_synthesis": {"affected_systems": "Affected systems include the WordPress AWP Classifieds plugin distributed by Strategy11 Team. The flaw exists in all versions up through 4.4.3, including any deployment that has not been upgraded beyond that release.", "description_and_impact": "The vulnerability in Strategy11 Team AWP Classifieds allows an attacker to retrieve embedded sensitive data from a WordPress site. This results in unauthorized disclosure of system information that should be protected, potentially revealing user data, configuration details, and other confidential information. The weakness is rooted in improper handling of data retrieval, leading to direct exposure of sensitive data to an unauthorized control sphere.", "risk_and_exploitability": "The CVSS score of 5.3 indicates a moderate risk, and the EPSS score of less than 1% suggests that exploitation is uncommon at this time. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is an unauthenticated web request that accesses a plugin endpoint exposing sensitive data. The impact is limited to confidentiality, with no evidence of remote code execution or denial of service in the provided data."}}}}, "created": "2026-01-26T11:53:24.157823+00:00", "updated": "2026-04-16T07:30:28.606197+00:00", "vendors": ["strategy11", "strategy11$PRODUCT$awp_classifieds", "wordpress", "wordpress$PRODUCT$wordpress"]}