CVE-2026-3546
Status: Received (Intake)
Sensitive Information Exposure in e-shot WordPress Plugin via AJAX

Publication date: 2026-03-21

Last updated on: 2026-03-21

Assigner: Wordfence

Description
The e-shot form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.2. The eshot_form_builder_get_account_data() function is registered as a wp_ajax_ AJAX handler accessible to all authenticated users. The function lacks any capability check (e.g., current_user_can('manage_options')) and does not verify a nonce. It directly queries the database for the e-shot API token stored in the eshotformbuilder_control table and returns it along with all subaccount data as a JSON response. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract the e-shot API token and subaccount information, which could then be used to access the victim's e-shot platform account.
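The pattern the description reports, next to a hardened form, as an added illustration (this is not the plugin's actual source). The callback name eshot_form_builder_get_account_data() and the table name eshotformbuilder_control come from the description; the AJAX action slug, the table's column names, the hardened handler's name and the script handle are assumptions made for the example.

```php
<?php
/*
 * Added example, not the e-shot plugin's own code. Only the callback name
 * eshot_form_builder_get_account_data() and the table eshotformbuilder_control
 * are from the advisory; the action slug, column names, hardened function
 * name and script handle below are assumptions.
 */

// --- Vulnerable pattern, as the advisory describes it ----------------------
// wp_ajax_ (without the nopriv_ variant) only requires a logged-in session,
// so a Subscriber reaches the handler. No nonce check, no capability check.
add_action( 'wp_ajax_eshot_form_builder_get_account_data', 'eshot_form_builder_get_account_data' );

function eshot_form_builder_get_account_data() {
    global $wpdb;
    $table = $wpdb->prefix . 'eshotformbuilder_control'; // prefix assumed

    // Echoes the stored API token and subaccount rows verbatim to the caller.
    $rows = $wpdb->get_results( "SELECT * FROM {$table}", ARRAY_A );
    wp_send_json( $rows );
}

// --- Hardened pattern -------------------------------------------------------
// Same registration mechanism; the difference is entirely inside the handler.
add_action( 'wp_ajax_eshot_example_get_account_data_secure', 'eshot_example_get_account_data_secure' );

function eshot_example_get_account_data_secure() {
    // 1. CSRF: the request must carry a nonce minted for this action. The
    //    third argument makes check_ajax_referer() return false instead of
    //    calling die(), so a structured JSON error can be sent.
    if ( ! check_ajax_referer( 'eshot_account_data', 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid nonce.' ), 403 );
    }

    // 2. Authorization: the API token is an administrator-level secret; a
    //    logged-in session alone is not sufficient.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    global $wpdb;
    $table = $wpdb->prefix . 'eshotformbuilder_control';
    $rows  = $wpdb->get_results( "SELECT * FROM {$table}", ARRAY_A );

    // 3. Data minimisation: even for an administrator, do not echo the raw
    //    token; return only what the admin UI needs (column names assumed).
    $safe = array();
    foreach ( $rows as $row ) {
        $safe[] = array(
            'subaccount'   => isset( $row['subaccount_name'] ) ? $row['subaccount_name'] : null,
            'token_suffix' => isset( $row['api_token'] ) ? substr( $row['api_token'], -4 ) : null,
        );
    }
    wp_send_json_success( $safe );
}

// The admin page that calls the hardened handler must be handed a matching
// nonce, e.g. when its (assumed, already registered) script is enqueued.
add_action( 'admin_enqueue_scripts', function () {
    wp_localize_script( 'eshot-example-admin', 'eshotExample', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'eshot_account_data' ),
    ) );
} );
```

The order of the two checks matters less than their presence: the nonce stops a cross-site request riding an administrator's session, and the capability check stops the Subscriber the advisory describes, who can mint a valid nonce for any action WordPress exposes to logged-in users. Neither check alone closes the hole.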
Meta Information
Published: 2026-03-21
Last Modified: 2026-03-21
Generated: 2026-06-16
AI Q&A: 2026-03-21
EPSS Evaluated: 2026-06-14
References: NVD, EUVD
Affected Vendors & Products
Vendor: esotalk
Product: esotalk
Version / Range: up to 1.0.2 (inclusive)

Note: the CPE listed here (esotalk/esotalk) does not match the product named in the description, the e-shot form builder plugin for WordPress. Treat the CPE mapping as unverified and match affected installations on the plugin name and version range instead.
CWE
CWE-202: When trying to keep information confidential, an attacker can often infer some of the information by using statistics.
Executive Summary

The e-shot form builder plugin for WordPress has a vulnerability in all versions up to and including 1.0.2. Specifically, the function eshot_form_builder_get_account_data() is accessible to all authenticated users without proper capability checks or nonce verification. This function queries the database and returns the e-shot API token and all subaccount data as a JSON response. Because of this, any authenticated user with Subscriber-level access or higher can extract sensitive information such as the API token and subaccount details.

Impact Analysis

This vulnerability allows attackers with even low-level authenticated access (Subscriber-level and above) to retrieve the e-shot API token and subaccount information. With this information, attackers could potentially access the victim's e-shot platform account, leading to unauthorized access to sensitive data or misuse of the e-shot services associated with the account.

Detection Guidance

The handler is reached through WordPress's AJAX entry point, so requests to /wp-admin/admin-ajax.php are the place to look. In web server or WAF logs, review authenticated requests to admin-ajax.php whose action parameter invokes the e-shot account-data handler, particularly from accounts that are not administrators. This page gives the callback name (eshot_form_builder_get_account_data) but not the action slug, so take the slug from the plugin source before building a rule. A Subscriber account issuing such a request, or a newly registered user issuing one shortly after registration, is the indicator. Because the response carries the API token, treat the token as compromised if any such request predates the fix, and check the e-shot platform account for logins, sends or subaccount changes the site owner did not make.

Mitigation Strategies

Update the plugin to a release later than 1.0.2 that addresses this issue; this page does not name a fixed version, so confirm one exists before relying on it. Until a fix is in place, deactivate the plugin or block the AJAX action at the WAF for non-administrator sessions. Independently of patching, rotate the e-shot API token in the e-shot platform, since any Subscriber could already have read it, and review the subaccounts it exposes. If user registration is open on the site, closing it removes the cheapest route to Subscriber-level access.
