{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25344", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-02-02T12:52:42.957Z", "datePublished": "2026-03-25T16:14:42.559Z", "dateUpdated": "2026-03-26T17:08:59.868Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "review-schema", "product": "Review Schema", "vendor": "RadiusTheme", "versions": [{"changes": [{"at": "2.2.7", "status": "unaffected"}], "lessThanOrEqual": "<= 2.2.6", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Doan Dinh Van | Patchstack Bug Bounty Program"}], "datePublic": "2026-03-25T17:12:21.792Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme Review Schema review-schema allows Retrieve Embedded Sensitive Data.<p>This issue affects Review Schema: from n/a through <= 2.2.6.</p>"}], "value": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme Review Schema review-schema allows Retrieve Embedded Sensitive Data.This issue affects Review Schema: from n/a through <= 2.2.6."}], "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "Retrieve Embedded Sensitive Data"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-497", "description": "Exposure of Sensitive System Information to an Unauthorized Control Sphere", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-03-25T16:14:42.559Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/review-schema/vulnerability/wordpress-review-schema-plugin-2-2-6-sensitive-data-exposure-vulnerability?_s_id=cve"}], "title": "WordPress Review Schema plugin <= 2.2.6 - Sensitive Data Exposure vulnerability"}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-26T17:08:55.299373Z", "id": "CVE-2026-25344", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T17:08:59.868Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-25344", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-26T17:08:55.299373Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T17:08:48.476Z"}}], "cna": {"title": "WordPress Review Schema plugin <= 2.2.6 - Sensitive Data Exposure vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "Doan Dinh Van | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "Retrieve Embedded Sensitive Data"}]}], "affected": [{"vendor": "RadiusTheme", "product": "Review Schema", "versions": [{"status": "affected", "changes": [{"at": "2.2.7", "status": "unaffected"}], "version": "n/a", "versionType": "custom", "lessThanOrEqual": "<= 2.2.6"}], "packageName": "review-schema", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "datePublic": "2026-03-25T17:12:21.792Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/review-schema/vulnerability/wordpress-review-schema-plugin-2-2-6-sensitive-data-exposure-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme Review Schema review-schema allows Retrieve Embedded Sensitive Data.This issue affects Review Schema: from n/a through <= 2.2.6.", "supportingMedia": [{"type": "text/html", "value": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme Review Schema review-schema allows Retrieve Embedded Sensitive Data.<p>This issue affects Review Schema: from n/a through <= 2.2.6.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-497", "description": "Exposure of Sensitive System Information to an Unauthorized Control Sphere"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-03-25T16:14:42.559Z"}}}, "cveMetadata": {"cveId": "CVE-2026-25344", "state": "PUBLISHED", "dateUpdated": "2026-03-26T17:08:59.868Z", "dateReserved": "2026-02-02T12:52:42.957Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-03-25T16:14:42.559Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme Review Schema review-schema allows Retrieve Embedded Sensitive Data.This issue affects Review Schema: from n/a through <= 2.2.6."}, {"lang": "es", "value": "Exposici\u00f3n de Informaci\u00f3n Sensible del Sistema a una Esfera de Control No Autorizada vulnerabilidad en RadiusTheme Review Schema review-schema permite Recuperar Datos Sensibles Incrustados. Este problema afecta a Review Schema: desde n/a hasta &lt;= 2.2.6."}], "id": "CVE-2026-25344", "lastModified": "2026-03-26T18:16:28.260", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-25T17:16:45.070", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/review-schema/vulnerability/wordpress-review-schema-plugin-2-2-6-sensitive-data-exposure-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-497"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.2.6]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "2.2.7"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Review Schema", "source": "cna", "vendor": "RadiusTheme"}, "product": "review_schema", "vendor": "radiustheme"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-03-25T18:05:31.022366+00:00", "value": {"mitigation_remediation": ["Update the Review Schema plugin to the latest available version (2.2.7 or newer).", "If an update is not possible, disable or remove the plugin from the site.", "Review the website for any exposed data that may have been served during the vulnerability window.", "Monitor site logs for unusual data access patterns."], "summary": {"action": "Patch Now", "impact": "Sensitive Data Exposure"}, "threat_synthesis": {"affected_systems": "The affected product is the Review Schema plugin developed by RadiusTheme. All installations of the plugin with version 2.2.6 or earlier are vulnerable. No other product or version information was specified; therefore any WordPress site using the plugin in those versions is at risk.", "description_and_impact": "The RadiusTheme Review Schema plugin, versions up to 2.2.6, contain a vulnerability that allows an unauthorized user to retrieve embedded sensitive data from the system. According to the description, the flaw results in the exposure of sensitive system information, which could lead to confidentiality compromise. The weakness is classified as CWE\u2011497, indicating that the code can recover sensitive information that should not be carried over to the user.", "risk_and_exploitability": "No CVSS or EPSS score is provided, and the vulnerability is not listed in the CISA KEV catalog, suggesting an absence of publicly known exploits yet. However, because the flaw permits arbitrary retrieval of sensitive data, an attacker who can access the WordPress site\u2014either through normal browsing or via authenticated API endpoints\u2014could obtain protected system information. The risk level is moderate to high for organizations that handle confidential or personal data, and the lack of an exploit barrier means the vulnerability could be abused if the plugin is exposed on a public website."}}}}, "created": "2026-03-25T21:45:07.159185+00:00", "updated": "2026-03-26T11:39:14.126985+00:00", "vendors": ["radiustheme", "radiustheme$PRODUCT$review_schema", "wordpress", "wordpress$PRODUCT$wordpress"]}