{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-39709", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-04-07T10:58:22.476Z", "datePublished": "2026-04-08T08:30:48.380Z", "dateUpdated": "2026-04-08T08:30:48.380Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "the-tech-tribe", "product": "The Tribal", "vendor": "thetechtribe", "versions": [{"lessThanOrEqual": "1.3.4", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Nabil Irawan | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-08T10:28:44.966Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Insertion of Sensitive Information Into Sent Data vulnerability in thetechtribe The Tribal the-tech-tribe allows Retrieve Embedded Sensitive Data.<p>This issue affects The Tribal: from n/a through <= 1.3.4.</p>"}], "value": "Insertion of Sensitive Information Into Sent Data vulnerability in thetechtribe The Tribal the-tech-tribe allows Retrieve Embedded Sensitive Data.This issue affects The Tribal: from n/a through <= 1.3.4."}], "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "Retrieve Embedded Sensitive Data"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-201", "description": "Insertion of Sensitive Information Into Sent Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-08T08:30:48.380Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/the-tech-tribe/vulnerability/wordpress-the-tribal-plugin-1-3-4-sensitive-data-exposure-vulnerability?_s_id=cve"}], "title": "WordPress The Tribal plugin <= 1.3.4 - Sensitive Data Exposure vulnerability"}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Insertion of Sensitive Information Into Sent Data vulnerability in thetechtribe The Tribal the-tech-tribe allows Retrieve Embedded Sensitive Data.This issue affects The Tribal: from n/a through <= 1.3.4."}], "id": "CVE-2026-39709", "lastModified": "2026-04-08T21:26:13.410", "metrics": {}, "published": "2026-04-08T09:16:43.753", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/the-tech-tribe/vulnerability/wordpress-the-tribal-plugin-1-3-4-sensitive-data-exposure-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-201"}], "source": "audit@patchstack.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,1.3.4]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "The Tribal", "source": "cna", "vendor": "thetechtribe"}, "product": "the_tribal", "vendor": "thetechtribe"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-08T10:23:53.051747+00:00", "value": {"mitigation_remediation": ["Update The Tribal plugin to a version newer than 1.3.4."], "summary": {"action": "Apply Patch", "impact": "Sensitive Data Exposure"}, "threat_synthesis": {"affected_systems": "The Tribal plugin developed by thetechtribe is affected for all releases up to and including version 1.3.4. Any WordPress website using these versions that has the plugin installed is at risk.", "description_and_impact": "The vulnerability arises when the plugin inserts sensitive information into outgoing data, allowing attackers to retrieve embedded confidential data. This results in a loss of confidentiality, as vulnerability is classified as CWE-201, a sensitive data exposure flaw.", "risk_and_exploitability": "Because the issue allows the extraction of embedded sensitive data, an attacker who can trigger data sending through the plugin could obtain confidential information. Severity details such as CVSS or EPSS are not provided, and the vulnerability is not listed in the CISA KEV catalog, so the exact exploitation potential is unclear. The likely attack vector is local or remote depending on how the plugin handles outgoing data, but the input does not specify a precise method."}}}}, "created": "2026-04-08T19:27:27.718227+00:00", "updated": "2026-04-08T19:40:08.702867+00:00", "vendors": ["thetechtribe", "thetechtribe$PRODUCT$the_tribal", "wordpress", "wordpress$PRODUCT$wordpress"]}